Question 1

How to set up Witcher for a PHP web application?

Accepted Answer

Build a Docker container using the base PHP image, create a witcher_config.json file with paths and parameters, and run fuzzing commands via Docker exec, as detailed in the README for CGI-based access.

Question 2

Is Witcher better than Burp Suite for finding SQL injection?

Accepted Answer

Witcher excels at deep, coverage-guided fuzzing for injection flaws using AFL, potentially uncovering complex issues, but Burp Suite offers broader scanning, manual testing tools, and a user-friendly interface for general web security.

Question 3

Does Witcher support JavaScript or single-page applications?

Accepted Answer

Witcher primarily fuzzes server-side languages via CGI or interfaces; it's not designed for client-side JavaScript fuzzing, limiting its use for modern SPAs or front-end vulnerabilities.

Question 4

How to interpret Witcher fuzzing results?

Accepted Answer

Results are output to the terminal and saved in mapped directories; look for fault escalations indicating potential SQL or command injection, but manual verification is essential due to false positives.

Question 5

Can Witcher be integrated into a CI/CD pipeline?

Accepted Answer

While possible, the Docker complexity and performance overhead make it challenging; it's better suited for offline security testing rather than automated continuous integration.

Question 6

What system resources are needed to run Witcher effectively?

Accepted Answer

Witcher requires Docker, multiple CPU cores (configurable in JSON), and ample memory, as it runs fuzzing instances and containers that can be resource-intensive.

Witcher

What is Witcher?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions