Saturday, 4 February 2017

Power Fuzzer Website Scanning tool

Steps and Instructions -

Welcome guys to another tutorial on Kali Linux 💀

This time we will use Power Fuzzer to find vulnerabilities of a website.

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

Currently, it is capable of identifying these problems:

- Cross Site Scripting (XSS)

- Injections (SQL, LDAP, code, commands, and XPATH)


- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.

Lets do it -

Steps -

* Open a terminal and type "powerfuzzer"

This will give you a GUI interface for powerfuzzer

As you can see we have many options to set up.

The verbosity can be set high.

If you are on a proxy, you can continue adding here.

But I will just enter the target URL in the Target URL tab and hit scan.

The process will start.

Note - The tool is a little bugish. It will load very slow.

Be patient

It will go through many URLs and web pages.

Here it found a vulnerable URL which is SQL injectable.

Thats what we needed.

The fun part is that it will scan for vulnerabilities like XSS too.

At the end of the scan, it will save the results and show you.

The tool is of course noisy. What would you expect from an automated non thresh hold hacking tool.

Thank you guys for reading this tutorial. Have a safe hack.

Other posts you may want to see-


  1. By using the same scanning tools I have been doing all the professional working that are concern to my job. It sure seems to be a good idea to know about the things that are new for me.

  2. Runners of the websites can get lots of benefits with use of latest featured made tools in developers describe various functions. People are very happy with hire of custom essays writers that also give them required progresses.custom essays

  3. There are a lot of blogs and articles out there on this topic, but you have acquired another side of the subject. This is reliable content thank you for sharing it. scanning

  4. HTTP 500 statuses (usually indicative of a possible reconfiguration/security flaw incl. godaddy deluxe hosting promo code

  5. hello. when i type the vulnerable url on browser, it said error in SQL syntax. is it supposed to be error?