ParameterFuzz is a tool to check the level of fortification in web applications, try to cover the field more exploited by hackers, as the majority of known attacks are based on exploiting poorly filtered parameters. Just as SQL injection, Cross Site Scripting or RFI among others. This tool is designed to perform security audits manually, however it is possible to automate the audit process.
It can be used for a lot of purposes such as:
- Dictionary attacks to parameters and folders
- Manual and automatic attacks to web applications
- Browse the source code viewing
- View logs of results
- Encoder/Decoder tool
- Spidering attacks
- Leaks detection
- SQL Injection detection
- Changes in the HTTP headers
- Extract valid parameters of the source code
- imagination...¿?