WFuzz

Description

Wfuzz is a tool designed for bruteforcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), to bruteforce GET and POST parameters when checking for different kinds of injection (SQL, XSS, LDAP, etc.), to bruteforce form parameters (user/password), for fuzzing, and so on.

Some features:

  • Multiple Injection points capability with multiple dictionaries

  • Recursion (When doing directory bruteforce)

  • Post, headers and authentication data brute forcing

  • Output to HTML

  • Colored output

  • Hide results by return code, word numbers, line numbers, regex

  • Cookies fuzzing

  • Multi threading

  • Proxy support

  • SOCKS support

  • Time delays between requests

  • Authentication support (NTLM, Basic)

  • All parameters bruteforcing (POST and GET)

  • Multiple encoders per payload

  • Payload combinations with iterators

  • Baseline request (to filter results against)

  • Brute force HTTP methods

  • Multiple proxy support (each request through a different proxy)

  • HEAD scan (faster for resource discovery)

  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

Usage

Syntax

wfuzz [options] <url>

Options

-c			    : Output with colors
-v			    : Verbose information
-o printer		    : Output format by stderr

-p addr			    : use Proxy (ip:port or ip:port-ip:port-ip:port)
-x type			    : use SOCK proxy (SOCKS4,SOCKS5)
-t N			    : Specify the number of threads (20 default)
-s N			    : Specify time delay between requests (0 default)

-e <type>		    : List of available encodings/payloads/iterators/printers
-R depth		    : Recursive path discovery
-I			    : Use HTTP HEAD instead of GET method (No HTML body responses). 
--follow		    : Follow redirections

-m iterator		    : Specify iterator (product by default)
-z payload		    : Specify payload (type,parameters,encoding)
-V alltype		    : All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.

-X			    : Payload within HTTP methods (ex: "FUZZ HTTP/1.0"). No need for FUZZ keyword.
-b cookie		    : Specify a cookie for the requests
-d postdata 		    : Use post data (ex: "id=FUZZ&catalogue=1")
-H headers  		    : Use headers (ex:"Host:www.mysite.com,Cookie:id=1312321&user=FUZZ")

--basic/ntlm/digest auth    : in format "user:pass" or "FUZZ:FUZZ" or "domain\FUZ2Z:FUZZ"

--hc/hl/hw/hh N[,N]+	    : Hide responses with the specified[s] code/lines/words/chars (Use BBB for taking values from baseline)
--hs regex		    : Hide responses with the specified regex within the response

Example 

cyborg@cyborg:~$  sudo wfuzz -c -z file,/pentest/web/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.18/FUZZ

********************************************************
* Wfuzz  2.0 - The Web Bruteforcer                     *
********************************************************

Target: http://192.168.1.18/FUZZ
Payload type: file,/pentest/web/wfuzz/wordlist/general/common.txt

Total requests: 950
==================================================================
ID  Response   Lines      Word         Chars          Request    
==================================================================

00245:  C=200      4 L        19 W      153 Ch    " - index"
00253:  C=200     17 L        22 W      250 Ch    " - var"
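
A defender's view of the scan shown above, as an added example that is not part of the original page or of Wfuzz itself: in the web server's access log, a wordlist scan shows up as one client requesting many distinct paths, most of which do not exist. The common/combined log format, the client addresses, the sample lines and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_scanners(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client: (distinct_paths, miss_ratio)} for likely wordlist scans.

    Counts distinct paths rather than requests per second, so a scan slowed
    with a per-request delay (-s) or sent as HEAD (-I) is still caught.
    Thresholds are illustrative assumptions; tune them to your traffic.
    """
    seen, missed = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue                       # unparsable line or other method
        path = m["path"].split("?", 1)[0]  # ignore query strings
        seen[m["ip"]].add(path)
        if m["status"] == "404":
            missed[m["ip"]].add(path)
    flagged = {}
    for ip, paths in seen.items():
        ratio = len(missed[ip]) / len(paths)
        if len(paths) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed log: one scanning client and one ordinary visitor."""
    words = [f"word{i}" for i in range(48)] + ["index", "var"]
    lines = []
    for i, w in enumerate(words):          # one request every 2 s, half HEAD
        status = 200 if w in ("index", "var") else 404
        method = "HEAD" if i % 2 else "GET"
        ts = f"10/Oct/2017:13:{i * 2 // 60:02d}:{i * 2 % 60:02d} +0000"
        lines.append(f'192.168.1.50 - - [{ts}] "{method} /{w} HTTP/1.1" {status} 153')
    for path, status in [("/", 200), ("/index", 200), ("/favicon.ico", 404)] * 10:
        lines.append(f'192.168.1.77 - - [10/Oct/2017:13:05:00 +0000] '
                     f'"GET {path} HTTP/1.1" {status} 153')
    return lines

if __name__ == "__main__":
    for ip, (paths, ratio) in find_scanners(sample_log()).items():
        print(f"{ip}: {paths} distinct paths, {ratio:.0%} not found")
```
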
©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?