This tool can efficiently permutate over millions of values with the help of "generators" such as counter and list.

To use a generator simply start typing into any of the text fields, i.e. counter will create the counter generator. You can also select the generator from the dropdown list associated with the targeted text field.

Keep in mind that the generators will produce multiple values only when used with the Permutate attack type. Blast and Hammer attack types will use only the first value of each generator.


The counter is a generator which can create values between two indexes with a step. For example, if the start index is 1 and end index is 10 with step 1, the counter will produce the following values: 1, 2, 3, 4, 5, 6, 7, 8, 9 and 10

Reverse counting can be achieved with a negative step. For example, a counter with start index 100 and end index 0 with step -10 will produce the following values: 100, 90, 80, 70, 60, 50, 40, 30, 20, 10 and 0


The list generates values from an user-supplied list where each line is a seperate item. A list with the following contents:


... will produce values: word, pronounce and adjective.


The dictionary generator is just like the list generator but with much more powerful features builtin. For example, you can use a dictionary to load a file from disk or from popular databases such as dirbuster, fuzzdb, dnspop and many more. This is one of the most powerful generator you can use especially when you are looking for interesting input validation vulnerabilities.

Once the list loaded, each line will be interpreted as a separate value. For example a dictionary with the following contents:


... will produce values: a, b, c and d.


The CIDR generator can be used to generate IP addresses from IP ranges in CIDR notation. For example, will generate all IP addresses from to


This generator will generate all combinations of the specified character set between the minum and maximum defined lengths. This is useful in case you want to bruteforce a string sequentially.


The JSON fuzz generator can be used to recursively iterate over a JSON object substituting each value or array item with the specified payload. This generator can be used with all of the other generators to create powerful setups capable of finding a wide-range of interesting bugs.

Query Fuzz

The Query fuzz generator is similar to the JSON Fuzz generator accept that it works with query parameters instead of JSON objects.