parameter-and-web-fuzzing-tools.md
| 1 | + | # Parameter and web fuzzing tools |
| 2 | + | |
| 3 | + | ```markdown |
| 4 | + | Here's the list of tools for parameter discovery: |
| 5 | + | |
| 6 | + | 1. [Parameth](https://github.com/maK-/parameth) - This tool can be used to brute discover GET and POST parameters. |
| 7 | + | 2. [Param-miner](https://github.com/PortSwigger/param-miner) - This extension identifies hidden, unlinked parameters and is particularly useful for finding web cache poisoning vulnerabilities. |
| 8 | + | 3. [ParamPamPam](https://github.com/Bo0oM/ParamPamPam) - ParamPamPam is a tool for brute discovering GET and POST parameters. |
| 9 | + | 4. [Arjun](https://github.com/s0md3v/Arjun) - Arjun is an HTTP parameter discovery suite. |
| 10 | + | 5. [ParamSpider](https://github.com/devanshbatham/ParamSpider) - ParamSpider is a tool for mining parameters from the dark corners of Web Archives. |
| 11 | + | 6. [x8](https://github.com/Sh1Yo/x8) - x8 is a hidden parameters discovery suite written in Rust. |
| 12 | + | |
| 13 | + | ``` |
| 14 | + | |
| 15 | + | ```markdown |
| 16 | + | Here's the list of web fuzzing tools: |
| 17 | + | |
| 18 | + | 1. [Fuzzingwfuzz](https://github.com/xmendez/wfuzz) - Web application fuzzer |
| 19 | + | 2. [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go |
| 20 | + | 3. [fuzzdb](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. |
| 21 | + | 4. [IntruderPayloads](https://github.com/1N3/IntruderPayloads) - Collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads, and web pentesting methodologies and checklists. |
| 22 | + | 5. [fuzz.txt](https://github.com/Bo0oM/fuzz.txt) - Potentially dangerous files fuzz list. |
| 23 | + | 6. [fuzzilli](https://github.com/googleprojectzero/fuzzilli) - JavaScript Engine Fuzzer. |
| 24 | + | 7. [fuzzapi](https://github.com/Fuzzapi/fuzzapi) - Tool for REST API pentesting using the API_Fuzzer gem. |
| 25 | + | 8. [qsfuzz](https://github.com/ameenmaali/qsfuzz) - Query String Fuzzer for building custom rules and identifying vulnerabilities. |
| 26 | + | 9. [vaf](https://github.com/d4rckh/vaf) - Very advanced (web) fuzzer written in Nim. |
| 27 | + | rr |
| 28 | + | ``` |
| 29 | + | |
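Review bot: the stray `rr` on file line 27, just before the closing fence of the second list, looks like an editing leftover and should be deleted. Both lists are also wrapped in markdown code fences (file lines 3 to 13 and 15 to 28), so the numbered items and their links will render as literal text rather than as a clickable list; dropping the fences and keeping the lists as plain Markdown would fix that. On file line 18 the link text `Fuzzingwfuzz` points at xmendez/wfuzz, so the label should presumably read `wfuzz`.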