A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications, categorized by attack type, platform, and application.
Because of the popularity of a small number of server types, platforms, and package formats, resources such as logfiles and administrative directories are typically located in a small number of predictable locations. A comprehensive database of these, sorted by platform type, makes brute force fuzz testing a scalpel-like approach.
Since system errors contain predictable strings, fuzzdb contains lists of error messages to be pattern matched against server output in order to aid detection of software security defects.
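As an added illustration of the error-message matching described above (not code from fuzzdb or from the original post), the sketch below scans server output for error signatures and reports which responses leak them. The signature patterns, category names and sample responses are constructed for the example.

```python
import re

# Constructed signatures grouped by category (illustrative, not fuzzdb's own lists).
SIGNATURES = {
    "sql-error": [r"You have an error in your SQL syntax", r"ORA-\d{5}"],
    "stack-trace": [r"Traceback \(most recent call last\)",
                    r"at [\w.$]+\(\w+\.java:\d+\)"],
    "path-disclosure": [r"(?:[A-Za-z]:\\|/var/www/)[\w\\/.-]+\.(?:php|aspx?|jsp)"],
}

# Constructed server outputs, keyed by a label for the page that produced them.
SAMPLE_RESPONSES = {
    "product page": "<html><body>Widget, 4 in stock</body></html>",
    "broken query": "<b>Warning</b>: You have an error in your SQL syntax; "
                    "check the manual in /var/www/shop/item.php on line 12",
    "report page": "java.lang.NullPointerException\n"
                   "\tat com.example.Report.render(Report.java:42)",
}


def compile_signatures(sigs):
    """Flatten {category: [pattern, ...]} into (category, compiled regex) pairs."""
    return [(cat, re.compile(p, re.IGNORECASE))
            for cat, pats in sigs.items() for p in pats]


def scan_response(body, compiled):
    """Return the sorted, de-duplicated (category, matched text) pairs in one body."""
    hits = {(cat, m.group(0)) for cat, rx in compiled for m in rx.finditer(body)}
    return sorted(hits)


def scan_responses(responses, compiled):
    """Map each label to its hits, leaving out responses with no matches."""
    report = {}
    for label, body in responses.items():
        hits = scan_response(body, compiled)
        if hits:
            report[label] = hits
    return report


if __name__ == "__main__":
    compiled = compile_signatures(SIGNATURES)
    for label, hits in scan_responses(SAMPLE_RESPONSES, compiled).items():
        for category, text in hits:
            print(f"{label}: [{category}] {text}")
```

Grouping signatures by category keeps the report readable when one response matches several lists at once, as the "broken query" sample does.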
Primary sources used for attack pattern research:
- researching old web exploits for repeatable attack strings
- scraping scanner patterns from http logs
- various books, articles, blog posts, mailing list threads
- patterns gleaned from other open source fuzzers and pentest tools
- analysis of default app installs
- system and application documentation
- error messages
As it is in the beta version, we would like to have some kind of reporting output for better understanding, and as it relies on an exploit database, we would also like to be able to add to and edit the exploit database in its alpha edition.
- fuzzdb-1.07.tgz Lots more sqli.
Discovery patterns of common files containing passwds and common login filenames
Download fuzzdb version 1.07 here


