It is an open source web application brute forcer and fuzzer. Its objective is to automate exhaustive tests to find anomalies and vulnerabilities. These tests can target web parameters, files, directories, forms and more.

Features:

Brute force logins and passwords in auth forms

Directory disclosure (uses a path list to brute force and checks the HTTP status code)

Tests to find SQL injection and XSS vulnerabilities

Options to load an anti-CSRF token on each request

Options to use a random proxy per request

and More...
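Seen from the defending side, the path-list brute force and the random-proxy-per-request option listed above mean that per-IP counters see very little. The following added example (not part of 0d1n; the log format, thresholds and sample lines are constructed assumptions) flags time windows in which many distinct paths returned 404, whatever the source addresses were:

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common/combined access log prefix: ip - - [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (timestamp, ip, path without query string, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["path"].split("?", 1)[0], int(m["status"])

def max_404_per_ip(lines):
    """Highest 404 count seen for any single client IP (the naive per-IP signal)."""
    hits = Counter(r[1] for r in map(parse, lines) if r and r[3] == 404)
    return max(hits.values(), default=0)

def enumeration_windows(lines, window_s=60, min_paths=5):
    """Windows with at least min_paths distinct 404 paths, aggregated site-wide."""
    buckets = defaultdict(lambda: {"paths": set(), "ips": set()})
    for rec in map(parse, lines):
        if rec is None or rec[3] != 404:
            continue
        ts, ip, path, _ = rec
        key = int(ts.timestamp()) // window_s * window_s
        buckets[key]["paths"].add(path)
        buckets[key]["ips"].add(ip)
    return [
        {"window_start": k, "distinct_404_paths": len(v["paths"]),
         "source_ips": len(v["ips"])}
        for k, v in sorted(buckets.items()) if len(v["paths"]) >= min_paths
    ]

# Constructed sample: six guessed paths, each from a different address, plus normal traffic.
_PATHS = ["/admin/", "/backup/", "/old/", "/test/", "/tmp/", "/.git/"]
SAMPLE_LOG = [
    f'198.51.100.{i + 1} - - [10/Mar/2024:12:00:{i * 5:02d} +0000] "GET {p} HTTP/1.1" 404 153'
    for i, p in enumerate(_PATHS)
] + [
    '192.0.2.10 - - [10/Mar/2024:12:00:07 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Mar/2024:12:03:15 +0000] "GET /favicon.ico HTTP/1.1" 404 153',
]

if __name__ == "__main__":
    print("max 404s from one IP:", max_404_per_ip(SAMPLE_LOG))
    print(enumeration_windows(SAMPLE_LOG))
```

In the sample no single address exceeds one 404, yet the 12:00 window stands out with six distinct missing paths from six sources.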





Each parameter is a resource function to help you.

The character '^' (circumflex) is a lexical character: it marks where the payload goes and is replaced by each line of the text file.

The parameter "--log" must always be used.

The parameter "--host" must always be used.

The parameter "--save_response", when used at the end of the command, saves the responses to the requests, so if you click a "status code" in the JavaScript table you can view the response with highlights.





Tamper resource:

Tamper is a function that camouflages your payload so that it can bypass a web application firewall.

Each option uses a different technique to hide the payload.

Remember to use a proxy list per request to stay stealthy and avoid blacklists.

0d1n is a tool for automating customized attacks against web applications.

Rules you need to know about parameters: