Application Fuzzing Tools

app_fuzzing_tools.md

Application Fuzzing Tools

Fuzzing is the act of testing software for vulnerabilities by injecting mutated or iterated data.

This gist mostly lists tools for web app fuzzing, but a couple for binary file fuzzing too.

Context

The general SOP for app fuzzing seems to be: recon, enumeration, then fuzzing

Tools

Recon

nMap - Network Mapper - https://nmap.org/

Fierce - find related domains - https://github.com/mschwager/fierce

Photon - a crawler - https://github.com/s0md3v/Photon

SSLscan - find certificate and cipher info - https://github.com/rbsec/sslscan

WAFW00F - see what Web Application Firewall is in use - https://github.com/EnableSecurity/wafw00f

Nikto - a web server scanner - https://cirt.net/Nikto2

Useful Firefox extensions

• Cookie Quick Manager - view, edit, create, delete, backup, restore cookies - https://addons.mozilla.org/en-US/firefox/addon/cookie-quick-manager/

• FoxyProxy - quickly switch browser proxies. Useful with Burp and ZAP - https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-basic/

• Disconnect - see a radial graph of domains linked to the one you're on - https://addons.mozilla.org/en-US/firefox/addon/disconnect/

• HTTP Headers Live - edit and resend HTTP requests - https://addons.mozilla.org/en-US/firefox/addon/http-header-live/

• User Agent Switcher - https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/

Enumeration

GoBuster - a directory finder - https://github.com/OJ/gobuster

SQLmap - SQL enumerator/injector - https://github.com/sqlmapproject/sqlmap

• you'll need to get the current session cookie. Example

• python sqlmap.py -u "http://127.0.0.1/sqli_1.php?title=" --cookie "PHPSESSID=ca42si4nqir5md1dkj4546db92; security_level=0"

Fuzzing

Web app fuzzers

Wfuzz - The Web Fuzzer - https://github.com/xmendez/wfuzz

• Wfuzz tips: https://securitybytes.io/wfuzz-using-the-web-brute-forcer-1bf8890db2f

• If you install through PIP, grab the wordlists from the listed repo

Burp Suite - https://portswigger.net/burp

• Learn Burp and hacking techniques for free at the Academy

ffuf - Fuzz Faster U Fool - https://github.com/ffuf/ffuf

Spike - https://github.com/guilhermeferreira/spikepp

Binary fuzzers

American Fuzzy Lop - https://github.com/google/AFL

Other tools

CeWL - custom word list generator - https://github.com/digininja/CeWL

Crunch - word list generator - https://sourceforge.net/projects/crunch-wordlist/

Daniel Miessler's lists - word lists - https://github.com/danielmiessler/SecLists

FuzzDb - word lists - https://github.com/fuzzdb-project/fuzzdb

Misc

I learned about a lot of this in an OWASP class I took on 08.24-25.2020, Fuzzing: An effective alternative to code review and penetration testing, taught by Alper Basaran.

Contact me

https://www.twitter.com/sandy___beaches