Attacks

The tools supports 4 types of attack types: premutate, blast, hammer and auto

Premutate

This is the default attack type, which will premutate over all possible combinations of dynamic input values. For example, if you configure a request with two counters where the first counter generates values 1, 2 and 3, while the second counter generates values 4, 5, and 6, the tool will produce the following combinations: 1/4, 1/5, 1/6, 2/4, 2/5, 2/6, 3/4, 3/5 and 3/6.

Blast

This attack type will send the same request up to the defined number of iterations. The request will not permutate even when generators are used.

Hammer

This attack type will continuously send the same request until paused or stopped. Like the "Blast" attack, the request will not permutate even when generators are used.

Auto

With the "auto" attack type, the request will be fuzzed automatically using secapps' security testing engine. All vulnerabilities will be automatically identified and summarised and the requests and responses will be made available for further inspection.

The "auto" attack type can be used for re-testing previously discovered vulnerabilities in a fully automated manner.