The tools supports 4 types of attack types: premutate, blast, hammer and auto


This is the default attack type, which will premutate over all possible combinations of dynamic input values. For example, if you configure a request with two counters where the first counter generates values 1, 2 and 3, while the second counter generates values 4, 5, and 6, the tool will produce the following combinations: 1/4, 1/5, 1/6, 2/4, 2/5, 2/6, 3/4, 3/5 and 3/6.


This attack type will send the same request up to the defined number of iterations. The request will not permutate even when generators are used.


This attack type will continuously send the same request until paused or stopped. Like the "Blast" attack, the request will not permutate even when generators are used.


With the "auto" attack type, the request will be fuzzed automatically using secapps' security testing engine. All vulnerabilities will be automatically identified and summarised and the requests and responses will be made available for further inspection.

The "auto" attack type can be used for re-testing previously discovered vulnerabilities in a fully automated manner.