Saturday, 4 February 2017

Power Fuzzer Website Scanning tool





Steps and Instructions -


Welcome guys to another tutorial on Kali Linux 💀

This time we will use Power Fuzzer to find vulnerabilities of a website.

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

Currently, it is capable of identifying these problems:

- Cross Site Scripting (XSS)

- Injections (SQL, LDAP, code, commands, and XPATH)

- CRLF

- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)

Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.

Lets do it -

Steps -

* Open a terminal and type "powerfuzzer"


This will give you a GUI interface for powerfuzzer




As you can see we have many options to set up.

The verbosity can be set high.

If you are on a proxy, you can continue adding here.

But I will just enter the target URL in the Target URL tab and hit scan.


The process will start.

Note - The tool is a little bugish. It will load very slow.

Be patient


It will go through many URLs and web pages.



Here it found a vulnerable URL which is SQL injectable.

Thats what we needed.





The fun part is that it will scan for vulnerabilities like XSS too.

At the end of the scan, it will save the results and show you.

The tool is of course noisy. What would you expect from an automated non thresh hold hacking tool.

Thank you guys for reading this tutorial. Have a safe hack.




Other posts you may want to see-













No comments:

Post a Comment