05/30/2009 - For the latest commercial Powerfuzzer technology and Online Security Assessment Service, please go to Powerfuzzer Online
02/15/2009 - Powerfuzzer featured in "Securing PHP Web Applications" by Tricia Ballad and William Ballad, Addison-Wesley Professional (e-book)
01/01/2008 - Added Powerfuzzer v1 BETA binary package with installer for Windows 2000/XP (no need to install Python and modules)
12/26/2008 - Added highly requested feature to rate limit requests. Currently only available in Powerfuzzer v1.
12/03/2008 - Removed all references to ACUNETIX from this website upon their request.
11/25/2008 - www.powerfuzzer.com registered as the official Powerfuzzer domain name. Project files will still be hosted at Sourceforge.
10/22/2008 - Offering a Software Subscription model for Powerfuzzer v1 (price $99/year - pay by credit card through PayPal or sign up for a 1 yr subscription with PayPal). This gives you access to technical support and to paid-only features, plus you will support this project and secure its continuity. Great for security consultants and website owners! Powerfuzzer v1 BETA remains free, with fewer features and no support. Powerfuzzer v1 comes with the Cookie wizard (which greatly improves usability) and numerous bugfixes. Testing your website for security and quality assurance problems becomes even easier now.
09/06/2008 - applied various bugfixes for UNICODE/ASCII encoding and HTTP 500 reporting (lswww.py.patch, powerfuzzer-HTTPError-500-take2.patch, powerfuzzer.py.patch). Thanks for submitting your patches.
06/21/2008 - Powerfuzzer v1 BETA available. Several bugfixes (see CHANGES.txt). Improved BASIC AUTH and Cookie support.
02/22/2008 - Yay ... website is ready. Feel free to dl the ALPHA version, some features don't work quite well yet. Need volunteers to help. Please contact me if you're interested.
IMHO, in order of importance:
- add NTLM support
- add custom check field to GUI (you can specify parameters that should be passed to fuzzer module in the GUI interface)
- add GUI to getcookie.py (incorporate into pf GUI?) - done
- modularize checks performed by the scanning engine, so that users can add their customized checks/modules/plugins
- add threading to scanning engine (for super fast scanning)
Q: How do I set a proxy in Powerfuzzer?
A: Set it in the GUI in AAA.BBB.CCC.DDD:PORT format (e.g. 192.168.1.1:8000).
Q: Does Powerfuzzer support HTTPS?
A: Yes, just type your URL using https://
Q: How do I set cookies in Powerfuzzer?
A: The paid version (Powerfuzzer v1) comes with the wizard; in the free and unsupported version (Powerfuzzer v1 BETA) you specify cookies in a text file and later point Powerfuzzer to that file.
Q: How do I instruct Powerfuzzer not to go to the logout page?
A: Put the logout page URL in the 'Exclude URL(s) or dir' section. You can also exclude whole directories (e.g. http://target_domain/folder/*).
Q: What are the differences between Powerfuzzer v1 and Powerfuzzer v1 BETA?
A: Powerfuzzer v1 is the paid, subscription-based version of Powerfuzzer; it comes with more features and support. Powerfuzzer v1 BETA is the free version of the tool; it is less tested, has fewer features and comes with no support. Powerfuzzer v1 BETA is very suitable for junior testers and folks wanting to test the software for free.
None yet. Please refer to the book "Securing PHP Web Applications" by Tricia Ballad and William Ballad, currently the only documentation available.
It is platform independent, hence powerfuzzer should run on Windows/Linux/Unix (Tested on Windows XP SP2 and Linux). Install Python (Tested with Python 2.5), wxPython (Tested with wxPython 2.8), HTML Tidy Library, ctypes, TidyLib Python wrapper and you're ready to go.
To start using the application, execute powerfuzzer.exe if you installed it with the installer package, or unzip the package and double-click (execute) powerfuzzer.py
Powerfuzzer is an Open Source software package. It is licensed under the GNU General Public License.
The project leader is Marcin Kozlowski. He is an active contributor to and researcher in Open Source projects and the information security arena (tools, modules, exploits, research).