PuzlBox is a PHP fuzz tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect the following vulnerabilities:
Arbitrary Command Execution
Arbitrary PHP Execution
Local File Inclusion
Aribtray File Read/Write/Change/Rename/Delete
Reflected Cross-site Scripting
PuzlBox must be run as administrator!
puzlbox [-s Server (default localhost)] [-m Scan Modes (default CFLPSX)] [Absolute Web Root] [-n No Unhook] [Application Paths (comma delimited)]