RFuzz: The Web Destroyer
RFuzz is a Ruby library for easily testing web applications from the outside, using a fast HttpClient and a wicked evil RandomGenerator, allowing the average programmer to use advanced fuzzing techniques for just pennies a day.
- A full, ultra-fast and light HTTP client based on the Mongrel core.
- A fast ArcFour based RandomGenerator that feeds your applications more garbage than an army of freegans eats in a day.
- A small DSL (Domain Specific Language) for running test Sessions and gathering statistics about the test.
- Integration with RSpec for organizing and running tests.
- Simple Rant scripts to generate and run whole test suites with dependencies. (in progress)
- Reporting tools for integrating with R and Ruby Reports for generating test result reports. (coming soon)
On any system that can build Mongrel (not Windows) you can install RFuzz using:
sudo gem install rfuzz
RFuzz’s arsenal of tools means that you can test a web application starting at the dumbest level (raw random HTTP), and work your way up to carefully crafted tests to exploit commonly found flaws.
It’s not limited to random testing or security testing at all, since the HttpClient and Session can also do the regular testing you’d normally do with Mechanize. Combine it with Hpricot and you get a fast HTML validation suite as well as HTTP-based testing.
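The feature list mentions an ArcFour based RandomGenerator. The following is an added example, not RFuzz's own code or API, showing why a seeded ArcFour keystream suits fuzzing your own application: the same seed replays exactly the same inputs, so a failing run can be reproduced. The class `ArcFourFuzzSource`, its methods and `fuzz_paths` are hypothetical names chosen for this sketch.

```ruby
# Added illustration: a seeded ArcFour (RC4) keystream used as a repeatable
# source of fuzz input. All names here are hypothetical, not RFuzz's API.
class ArcFourFuzzSource
  def initialize(seed)
    key = seed.to_s.bytes
    raise ArgumentError, "seed must not be empty" if key.empty?
    @s = (0..255).to_a
    j = 0
    # Key-scheduling algorithm: permute the 256-byte state with the seed.
    256.times do |i|
      j = (j + @s[i] + key[i % key.size]) & 0xff
      @s[i], @s[j] = @s[j], @s[i]
    end
    @i = @j = 0
  end

  # Next keystream byte (pseudo-random generation algorithm).
  def next_byte
    @i = (@i + 1) & 0xff
    @j = (@j + @s[@i]) & 0xff
    @s[@i], @s[@j] = @s[@j], @s[@i]
    @s[(@s[@i] + @s[@j]) & 0xff]
  end

  # n raw keystream bytes as a binary string.
  def bytes(n)
    Array.new(n) { next_byte }.pack("C*")
  end

  # Integer in 0...max (modulo bias is acceptable for test data).
  def num(max)
    raise ArgumentError, "max must be positive" unless max.positive?
    v = 0
    4.times { v = (v << 8) | next_byte }
    v % max
  end

  # Percent-encoded request path built from 1..max_len random bytes.
  def path(max_len = 16)
    "/" + bytes(1 + num(max_len)).bytes.map { |b| format("%%%02X", b) }.join
  end
end

# Constructed usage: one seed yields one fixed sequence of request paths,
# so a run against your own test server can be replayed from its seed.
def fuzz_paths(seed, count)
  src = ArcFourFuzzSource.new(seed)
  Array.new(count) { src.path }
end
```

Logging the seed with each test run is what makes a crash found by random input debuggable later.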