Published on August 11th, 2011 | by NJ Ouchn
Black Hat USA 2011: ToolsTube with Christian Martorella on WFuzz & WebSlayer v2.0
Wfuzz is a tool designed for brute forcing web applications. It can be used to discover resources (directories, scripts, files), brute force GET and POST parameters, brute force form parameters (user/password), fuzz, and brute force Basic and NTLM authentication. The tool is very flexible and is the one-stop solution for web application brute forcing.
This new version includes redesigned payload management, payload combinations and randomization, improved output, no limit on injection points (you can use as many as you want), SOCKS support, multiple proxies (the requests will be sent through a different proxy each time) and a time delay between requests, plus all the previous features like multiple encodings.
Webslayer is the GUI front-end with advanced features like an advanced Payload generation engine and flexible result analysis.
Christian Martorella has been working in the field of information security for the last 10 years, starting his career at the Argentina IRS as a security consultant; he is now Practice Leader in Threat and Vulnerability Consulting - EMEA at Verizon Business. He is a cofounder and active member of the Edge-Security team, where security tools and research are released. He has been a speaker at What The Hack!, NoConName, FIST Conferences, OWASP Summit and OWASP Spain IV & VI, Source Conference Barcelona and Hack.LU. Christian has contributed open source assessment tools like OWASP WebSlayer and Metagoofil. He likes everything related to information gathering and penetration testing.