./security/wfuzz, Web application fuzzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.1.0nb4, Package name: wfuzz-3.1.0nb4, Maintainer: leot

Wfuzz has been created to facilitate the task in web applications
assessments and it is based on a simple concept: it replaces any
reference to the FUZZ keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an
HTTP request, allowing to perform complex web security attacks in
different web application components such as: parameters,
authentication, forms, directories/files, headers, etc.

Wfuzz is more than a web content scanner:

- Wfuzz could help you to secure your web applications by finding and
exploiting web application vulnerabilities. Wfuzz's web application
vulnerability scanner is supported by plugins.
- Wfuzz is a completely modular framework and makes it easy for even
the newest of Python developers to contribute. Building plugins is
simple and takes little more than a few minutes.
- Wfuzz exposes a simple language interface to the previous HTTP
requests/responses performed using Wfuzz or other tools, such as Burp.
This allows you to perform manual and semi-automatic tests with full
context and understanding of your actions, without relying on a web
application scanner underlying implementation.


Master sites:

Filesize: 100.683 KB

Version history: (Expand)


CVS history: (Expand)


   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-02-10 15:37:20 by Thomas Klausner | Files touched by this commit (2)
Log message:
wfuzz: fix invalid pattern

Fixes build.
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
   2022-01-05 16:41:32 by Thomas Klausner | Files touched by this commit (289)
Log message:
python: egg.mk: add USE_PKG_RESOURCES flag

This flag should be set for packages that import pkg_resources
and thus need setuptools after the build step.

Set this flag for packages that need it and bump PKGREVISION.
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-03-06 22:05:33 by Leonardo Taccari | Files touched by this commit (4)
Log message:
security/wfuzz: import wfuzz-3.1.0

Wfuzz has been created to facilitate the task in web applications
assessments and it is based on a simple concept: it replaces any
reference to the FUZZ keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an
HTTP request, allowing to perform complex web security attacks in
different web application components such as: parameters,
authentication, forms, directories/files, headers, etc.

Wfuzz is more than a web content scanner:

 - Wfuzz could help you to secure your web applications by finding and
   exploiting web application vulnerabilities. Wfuzz's web application
   vulnerability scanner is supported by plugins.
 - Wfuzz is a completely modular framework and makes it easy for even
   the newest of Python developers to contribute. Building plugins is
   simple and takes little more than a few minutes.
 - Wfuzz exposes a simple language interface to the previous HTTP
   requests/responses performed using Wfuzz or other tools, such as Burp.
   This allows you to perform manual and semi-automatic tests with full
   context and understanding of your actions, without relying on a web
   application scanner underlying implementation.