fuzzdb: Attack and Discovery Pattern Database for Web Application Fuzz Testing

**adamm** · 04-29-2010, 06:22 AM

fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications, categorized by attack type, platform, and application.

It's like a non-automated open source scanner without the scanner. I most frequently use it with Burp Intruder.

fuzzdb - Project Hosting on Google Code

You use the download .tgz expanded and installed using your own .deb based package system. It's contents are an anonymous svn checkout, so someone could update on the fly from the repo or just wait for your .deb repo to get the new download version.

**r3m0t3** · 11-16-2010, 07:01 AM

Good resource routinely used in pentest. This should be added.

BackTrack Linux - Penetration Testing Distribution

Thread: fuzzdb: Attack and Discovery Pattern Database for Web Application Fuzz Testing

Thread Tools

Search Thread

Display

fuzzdb: Attack and Discovery Pattern Database for Web Application Fuzz Testing

Re: fuzzdb: Attack and Discovery Pattern Database for Web Application Fuzz Testing

Similar Threads

Looking to learn web application testing, any pointers?

WPA TKIP RC4 keystream discovery attack Part.2

Testing cold fusion application ????

fuzz messenger

Testing web based application

Posting Permissions