[sweatypalmer]

This may be a stupid question, but what makes this a fuzzer exactly?

I think would call this a formatter, as it doesn't seem to do any mutations or executions itself. I would call AFL a fuzzer.

I would think at the minimum a fuzzer would more or less copy the mutation aspect, because to me that's what makes fuzzers uniquely useful.

Curious to hear your thoughts, or if mutations are a planned feature I missed

[codesoap]

It seems to me like "fuzzing" has a different meaning in web application penetration testing. Here, "fuzzer" is a term for tools that just generate different request using wordlists, without adding any mutations. For example, the two popular tools ffuf [1] and wfuzz [2] also call themselves fuzzers.

I see how reusing a term for a different concept is bothersome, but I feel like "fuzzer" is the term that people learning about bug bounty hunting are familiar with.

[1] https://github.com/ffuf/ffuf

[2] https://wfuzz.readthedocs.io/en/latest/

[tptacek]

Yeah, this is generally what people mean by "web fuzzing".