Predictable credentials Predictable sessions identifier (session id

1.  
2.  
3. Predictable credentials
4. Predictable sessions identifier (session idʼs)
5. Predictable resource location (directories and files)
6. Injections
7. Path traversals
8. Overflows
9. Cross site scripting
10. Authentication flaws
11. Insecure direct object references
12.  
13. Features:
14.  
15. Multiple Injection points capability with multiple dictionaries
16. Recursion (When doing directory bruteforce)
17. Post, headers and authentication data brute forcing
18. Output to HTML
19. Colored output
20. Hide results by return code, word numbers, line numbers, regex
21. Cookies fuzzing
22. Multi threading
23. Proxy support
24. SOCK support
25. Time delays between requests
26. Authentication support (NTLM, Basic)
27. All parameters bruteforcing (POST and GET)
28. Multiple encoders per payload
29. Payload combinations with iterators
30. Baseline request (to filter results against)
31. Brute force HTTP methods
32. Multiple proxy support (each request through a different proxy)
33. HEAD scan (faster for resource discovery)
34. Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more