Blazer v-02 released : AMF Testing Made Easy!

Blazer is a custom AMF messages generator with fuzzing capabilities, developed as Burp Suite plugin. It is designed and implemented to make AMF testing easy, and yet allows researchers to control fully the entire security testing process.

Using Blazer, testing AMF-based applications is easier and more robust. As it is highly integrated in a well-known testing suite, web security practitioners can start to use the tool with minimal setup in few seconds.
Blazer implements a new testing approach, introduced at Black Hat USA 2012. This automated gray-box testing technique allows security researchers to improve the coverage and the effectiveness of fuzzing efforts targeting complex applications.

For further details, please refer to the original whitepaper and presentation.

  • Automatic Java objects generation from method signatures via Java reflection and “best-fit” heuristics
  • Fuzzing capabilities, with customizable data pools and attack vectors
  • Ability to start, pause, restore and stop testing
  • Easy-to-use internal methods to construct custom AMF messages
  • Embedded BeanShell for manual testing
  • Highly integrated in Burp Suite
  • Support for Java server-side remoting technologies (Adobe BlazeDS, Adobe LiveCycle Data Services, GraniteDS, …)
  • Blazer has been developed in Java as a Burp Suite plugin and released under the GNU General Public License. Burp plugins are supported by both versions (free and professional) of the Burp Suite. All major operating systems (Windows, Mac, Linux) with standard Oracle JRE installed are supported by Blazer.

Download In here | Read more right here

Phuzzy – Php Fuzzer

Fuzzing is a technique of finding bugs by generating random function calls.

This script needs an sqlite database containing function information. This database can be obtained from

download the source code as a zip or tarball above.

Platform : Windows & Linux

Read more in here :

bed 0.3

 BED is a program which is designed to check daemons for   potential buffer overflows, format string bugs et. al.   BED simply sends the commands to the server and checks   whether it is still alive afterwards.   Of course this will not detect all bugs of the specified   daemon but it will (at least it should) help you to   check your software for common vulnerabilities.

Code Review in here

How to usage : [website]

  Author :

Eric Sesterhenn aka. ‘Snakebyte’



Martin J. Muench aka. ‘mjm’



Platform : Unix/Linux


SFuzz – Simple Fuzzer V0.7.0 released

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.

Release Notes v0.7.0: Block-based fuzzing has been added, and is still implemented in a simple fashion. A number of memory corruption bugs in the string replacement engine have been resolved. A basic browser-fuzzer is included in this release. The start of a fuzzing oracle to monitor program health is included. While it is not close to the design of the final version, it should be functional to save off crashes

Download : | Linuxsfuzz-0.7.0.tar.bz2

Read more in here :

pwnfuzzer Beta – Http fuzzer tool

PwnFuzzer is a java tool that sends http requests and try to guess the password of the users list.
It is easy to use and configurable. Screenshot :


When you build an Java application project that has a main class, the IDE
automatically copies all of the JAR
files on the projects classpath to your projects dist/lib folder. The IDE
also adds each of the JAR files to the Class-Path element in the application
JAR files manifest file (MANIFEST.MF).

To run the project from the command line, go to the dist folder and
type the following:

java -jar “PwnFuzzer-0.1.0.jar”

To distribute this project, zip up the dist folder (including the lib folder)
and distribute the ZIP file.

Download  : 

Read more in here :

hwk Beta – hwk is a tool used for wireless lan pentests

hwk is an easy-to-use application used to attack and discover wireless networks. It’s providing various modes such as authentication/deauthentication flood, beacon and probe response fuzzing.

Platform : Unix/linux

  • probe resonse fuzzing
  • authentication flood
  • deauthentication flood
  • antenna alignment
  • deauthentication flood agains all data connections
  • stress testing
  • beacon injection
  • injection testing
  • wlan
  • wireless hacking

Downloadhwk_0.3.2.tar.gz (257.5 kB)

Find Other version | Read more in here

PHP Vulnerability Hunter v.

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool.  

PHP Vulnerability Hunter v.

This is the application that detected almost all of the web application 

vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI. 

Added code coverage report
Updated GUI validation
Several instrumentation fixes
Fixed lingering connection issue
Fixed GUI and report viewer crashes related to working directory

Download :

More :