[ Security Tool ] Orafuzz Version 2 – HTTP Fuzzing Tool
This application is a rewrite of my original fuzzer. Several features have been added, as well as a full, user-friendly GUI.
The major change in this version is the ability to modify and add attack strings through the provided sample list, which adds to the overall flexibility of the application.
The application also now supports both POST and GET requests.
The provided text file “attackstrings.txt” contains a list of attack request strings. This file must reside in the application's root directory.
This can also be used to determine whether the vulnerability “CVE-2007-1036 JBoss JMX-Console Access Vulnerability” exists on a particular server.
You can try it for yourself against a target found with Google and a Google dork: inurl: /reports/rwservlet/help?
As mentioned, the contents can be modified to suit the attacker's needs.
The sample contents of the “attackstrings.txt” file are as below:
The application and code can be downloaded and viewed below: