choose: day|night
Open SourcePython powered Support This Project




Project news
TODO
Talks
FAQ
Documentation
Prerequisites and Installation
Mailing List
License
Download
T-shirt ?
Author(s)

    

Project news

05/30/2009 - For latest commercial Powerfuzzer technology and Online Security Assessment Service please go to Powerfuzzer Online

02/15/2009 - Powerfuzzer featured in "Securing PHP Web Applications" by Tricia Ballad, William Ballad Addison-Wesley Professional (e-book)

01/01/2008 - Added Powerfuzzer v1 BETA binary package with installer for Windows logo Windows 2000/XP (no need to install Python and modules)

12/26/2008 - Added highly requested feature to rate limit requests. Currently only available in Powerfuzzer v1.

12/03/2008 - Removed all references to ACUNETIX from this website upon their request.

11/25/2008 - www.powerfuzzer.com - registered as an official powerfuzzer domain name. Project files will be still hosted at Sourceforge.

10/22/2008 - Offering Software Subscription model for Powerfuzzer v1 (price $99/year - pay with CreditCard through PayPal or sign up for 1 yr subscription with PayPal). This will give you access to technical support and access to paid only features, plus you will support this project and secure it continuity. Great for security consultants, website owners! Powerfuzzer v1 BETA remains free with less features and no support. Powerfuzzer v1 comes with Cookie wizard (which greatly improves usability) and numerous bugfixes. Testing your website for security and quality assurance problems becomes even easier now.

09/06/2008 - applied various bugfixes for UNICODE/ASCII encoding and HTTP 500 reporting (lswww.py.patch, powerfuzzer-HTTPError-500-take2.patch, powerfuzzer.py.patch). Thanks for submitting your patches.

06/21/2008 - Powerfuzzer v1 BETA available. Several bugfixes (see CHANGES.txt). Improved BASIC AUTH and Cookie support.

02/22/2008 - Yay ... website is ready. Feel free to dl the ALPHA version, some features don't work quite well yet. Need volunteers to help. Please contact me if you're interested.

top

TODO

IMHO, In order of importance:

-add NTLM support

-add custom check field to GUI (you can specify parameters that should be passed to fuzzer module in the GUI interface)

-add GUI to getcookie.py (incorporate into pf GUI?) - done

-modularize checks performed by the scanning engine, so that users can add their customized checks/modules/plugins

-add threading to scanning engine (for super fast scanning)

-improve GUI/reporting

-documentation/tutorials

top

Talks

Contact me

top

FAQ

Q: How do I set a proxy in Powerfuzzer ?

A: Set it in GUI in AAA.BBB.CCC.DDD:PORT (i.e 192.168.1.1:8000) format

Q: Is Powerfuzzer supporting HTTPS ?

A: Yes, just type your URL using https://

Q: How do I set cookies in Powerfuzzer ?

A: Paid version (Powerfuzzer v1) comes with the wizard, in free and unsupported version (Powerfuzzer v1 BETA) you specify cookies in a text file and later point Powerfuzzer to that file.

Q: How do I instruct Powerfuzzer not to go to logout page ?

A: Put logout page URL in 'Exclude URL(s) or dir' section. You can also exclude whole directories (i.e http://target_domain/folder/*)

Q: What are the differences between Powerfuzzer v1 and Powerfuzzer v1 BETA ?

A: Powerfuzzer v1 is a software subscription based paid version of Powerfuzzer, comes with more features and support. Powerfuzzer v1 BETA is a free version of the tool, it is less tested, has less features and comes with no support. Powerfuzzer v1 BETA is very suitable for junior testers and folks wanting to test the software for free.

top

Documentation

None yet. Please refer to "Securing PHP Web Applications" by Tricia Ballad and William Ballad book as currently only documentation available.

top

Prerequisites and Installation

It is platform independent, hence powerfuzzer should run on Windows/Linux/Unix (Tested on Windows XP SP2 and Linux). Install Python (Tested with Python 2.5), wxPython (Tested with wxPython 2.8), HTML Tidy Library, ctypes, TidyLib Python wrapper and you're ready to go.

To start using the application execute powerfuzzer.exe when installed using the installer package or unzip the package and double click (execute) powerfuzzer.py

top

Mailing List

None yet

top

License

powerfuzzer is an Open Source software package. It is licensed under the GNU General Public License Version 3.

top

Download

You can download a binary installer (no need to install and download anything additional like Python, libraries and modules - skip Prerequisites and Installation step ) or release package with source code (follow Prerequisites and Installation step):

Here

T-shirt ?

Get one of these puppies ... brand new:

######### #########

Author(s)

The project leader is Marcin Kozlowski. He is an active contributor and researcher to Open Source projects and information security arena (tools, modules, exploits, research)

SourceForge.net Logo

In affiliation with Powerfuzzer Online, Joomla Scanner and Wordpress Scanner External Vulnerability Scanning service. All trademarks used are properties of their respective owners.