Friday, April 16, 2010

Fuzzdb Beta Release

Web Fuzzing Discovery and Attack Pattern Database - A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

This is especially useful for filter-bypass exploits: identical encoding sequences have been observed to bypass filters in more than one application. Examples can be observed in categories including XSS, SQLi, evil script upload, OS command execution, traversal issues, directory indexing bugs, source-code-revealing vulnerabilities, etc. In recent times, for example, new embedded web servers were discovered to be vulnerable to directory traversal issues triggered by encodings that were used to exploit Microsoft IIS in 2000.

This approach is also useful for targeted brute-force discovery using, for example, lists of known vulnerable scripts sorted by platform type, default locations of critical files of popular apps, and high-quality lists of common directory names.

More info and Download: http://code.google.com/p/fuzzdb
