Fuzzing is the act of testing software for vulnerabilities by feeding it mutated or iterated input.
This gist mostly lists tools for web app fuzzing, plus a couple for binary and file-format fuzzing.
The general SOP for app fuzzing seems to be: recon, enumeration, then fuzzing.
Nmap - Network Mapper - https://nmap.org/
Fierce - find related domains - https://github.com/mschwager/fierce
Photon - a crawler - https://github.com/s0md3v/Photon
SSLscan - find certificate and cipher info - https://github.com/rbsec/sslscan
WAFW00F - see what Web Application Firewall is in use - https://github.com/EnableSecurity/wafw00f
Nikto - a web server scanner - https://cirt.net/Nikto2
- Cookie Quick Manager - view, edit, create, delete, backup, restore cookies - https://addons.mozilla.org/en-US/firefox/addon/cookie-quick-manager/
- FoxyProxy - quickly switch browser proxies. Useful with Burp and ZAP - https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-basic/
- Disconnect - see a radial graph of domains linked to the one you're on - https://addons.mozilla.org/en-US/firefox/addon/disconnect/
- HTTP Header Live - edit and resend HTTP requests - https://addons.mozilla.org/en-US/firefox/addon/http-header-live/
- User Agent Switcher - https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
GoBuster - a directory finder - https://github.com/OJ/gobuster
SQLmap - SQL enumerator/injector - https://github.com/sqlmapproject/sqlmap
- You'll need to get the current session cookie and pass it with --cookie. Example:
- `python sqlmap.py -u "http://127.0.0.1/sqli_1.php?title=" --cookie "PHPSESSID=ca42si4nqir5md1dkj4546db92; security_level=0"`
Wfuzz - The Web Fuzzer - https://github.com/xmendez/wfuzz
- Wfuzz tips: https://securitybytes.io/wfuzz-using-the-web-brute-forcer-1bf8890db2f
- If you install through pip, grab the wordlists from the repo linked above (the pip package does not ship them).
Burp Suite - https://portswigger.net/burp
- Learn Burp and web hacking techniques for free at PortSwigger's Web Security Academy
ffuf - Fuzz Faster U Fool - https://github.com/ffuf/ffuf
Spike - https://github.com/guilhermeferreira/spikepp
American Fuzzy Lop - https://github.com/google/AFL
CeWL - custom word list generator - https://github.com/digininja/CeWL
Crunch - word list generator - https://sourceforge.net/projects/crunch-wordlist/
Daniel Miessler's lists - word lists - https://github.com/danielmiessler/SecLists
FuzzDb - word lists - https://github.com/fuzzdb-project/fuzzdb
I learned about a lot of this in an OWASP class I took on 08.24-25.2020, Fuzzing: An effective alternative to code review and penetration testing, taught by Alper Basaran.