Chapter 5. Fuzzing and Brute-Forcing
One of the most helpful tools that a security tester can have is a fuzzing tool to test a parameter of an application. Fuzzing has been very effective at finding security vulnerabilities, as it can be used for finding weaknesses by scanning an application attack surface. Fuzzers can test an application for directory traversal, command execution, SQL injection, and cross site scripting vulnerabilities.
The best fuzzers are highly customizable, so in this chapter, we'll learn how to build our own fuzzers that can be used for a specific application.
The topics covered in this chapter are as follows:
- Fuzzing and brute-forcing passwords
- SSH brute-forcing
- SMTP brute-forcing
- Brute-forcing directories and file locations
- Brute-force cracking password-protected zip files
- Sulley fuzzing framework