API Fuzzer
API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
Learn more
FuzzDB
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.
Learn more
PHP Secure
PHP Secure is a FREE code scanner that analyzes your PHP code for critical security vulnerabilities. Free online scanner:
- Quickly and qualitatively finds web app vulnerabilities
- Gives explicit reports and recommendations to fix vulnerabilities
- Easy to use and requires no specialized knowledge
- Reduces risk, saves budget, and boosts productivity
PHP Secure Scanner is suitable for analyzing sites on Php, framework Laravel, and CMS Wordpress, Drupal and Joomla.
PHP Secure detects the most common and dangerous types:
-SQL injection vulnerabilities
-Command Injection
-Cross-Site Scripting (XSS) Vulnerabilities
-PHP Serialize Injections
-Remote Code Executions
-Double Escaping
-Directory Traversal
-Regular Expression Denial of Service (ReDos)
Learn more
OWASP WSFuzzer
Fuzz testing or fuzzing is a software testing technique, that basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Let’s consider an integer in a program, which stores the result of a user’s choice between 3 questions. When the user picks one, the choice will be 0, 1, or 2, which makes three practical cases. Integers are stored as a static size variable. If the default switch case hasn’t been implemented securely, the program may crash and lead to “classical” security issues. Fuzzing is the art of automatic bug finding, and its role is to find software implementation faults and identify them if possible. A fuzzer is a program that automatically injects semi-random data into a program/stack and detects bugs. The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors.
Learn more
