
wfuzz

TLDR

Fuzz URL parameter

$ wfuzz -c -z file,[wordlist.txt] "[http://target/?param=FUZZ]"
Fuzz directory
$ wfuzz -c -z file,[dirs.txt] "[http://target/FUZZ]"
POST data fuzzing
$ wfuzz -c -z file,[wordlist.txt] -d "user=admin&pass=FUZZ" "[http://target/login]"
Filter by response code
$ wfuzz -c --hc 404 -z file,[wordlist.txt] "[http://target/FUZZ]"
Hide responses by line count
$ wfuzz -c --hl 0 -z file,[wordlist.txt] "[http://target/FUZZ]"
Multiple fuzz points
$ wfuzz -c -z file,[users.txt] -z file,[passwords.txt] "[http://target/?u=FUZZ&p=FUZ2Z]"

SYNOPSIS

wfuzz [-c] [-z type,data] [--hc codes] [options] url

DESCRIPTION

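wfuzz is a web application fuzzer. It brute-forces parameters, directories, and more.
The FUZZ keyword marks the injection point, and each payload value replaces it in turn.
Additional fuzz points use FUZ2Z, FUZ3Z, and so on, each filled from its own -z payload in the order given, so several wordlists can be combined.
Filtering hides uninteresting responses so that anomalies stand out.
Payloads can be built from files, ranges, and encoders, which keeps the input flexible.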

PARAMETERS

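-z TYPE,DATA
Payload specification (for example file,wordlist.txt).
-c
Color output.
--hc CODES
Hide responses with the given status codes.
--hl LINES
Hide responses with the given line count.
--hw WORDS
Hide responses with the given word count.
--hh CHARS
Hide responses with the given character count.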
-d DATA
POST data.
-H HEADER
HTTP header.
-t N
Threads.
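
The marker substitution and hide filters described above, modelled offline as an added example (this is not wfuzz's own code). The function names, the sample lists and responses, and the simplified line/word/char counting are assumptions made for illustration; no requests are sent.

```python
from itertools import product

def expand(template, *payload_lists):
    """Yield the template once per payload combination.

    FUZZ is filled from the first list (first -z), FUZ2Z from the second,
    FUZ3Z from the third. Lists are combined as a Cartesian product, so the
    number of requests is the product of the list lengths.
    """
    markers = ["FUZZ"] + [f"FUZ{i}Z" for i in range(2, len(payload_lists) + 1)]
    for combo in product(*payload_lists):
        out = template
        for marker, value in zip(markers, combo):
            out = out.replace(marker, value)
        yield out

def measure(body):
    """Return (lines, words, chars) of a body; simplified counting (assumption)."""
    return body.count("\n"), len(body.split()), len(body)

def hidden(code, body, hc=(), hl=(), hw=(), hh=()):
    """True if any hide filter (--hc, --hl, --hw, --hh) matches the response."""
    lines, words, chars = measure(body)
    return code in hc or lines in hl or words in hw or chars in hh

def shown(responses, **filters):
    """Return the responses that survive the hide filters."""
    return [(c, b) for c, b in responses if not hidden(c, b, **filters)]

# Constructed sample data, not taken from any real target.
USERS = ["alice", "bob"]
PASSWORDS = ["spring", "summer", "autumn"]
RESPONSES = [
    (404, "Not Found\n"),                     # hidden by --hc 404
    (200, ""),                                # hidden by --hl 0
    (200, "<h1>Welcome</h1>\nbody text\n"),   # shown
]

if __name__ == "__main__":
    urls = list(expand("http://target/?u=FUZZ&p=FUZ2Z", USERS, PASSWORDS))
    print(len(urls), "requests, first:", urls[0])
    for code, body in shown(RESPONSES, hc={404}, hl={0}):
        print(code, measure(body))
```

Because the lists multiply, two 1,000-entry wordlists already mean 1,000,000 requests, which is why the caveats on speed and rate limiting matter.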

CAVEATS

For authorized testing only. Rate limiting may be needed. Large wordlists are slow.

HISTORY

wfuzz was created by Christian Martorella (Edge-Security) for web application testing. It's a standard tool in penetration testing.

SEE ALSO

ffuf(1), gobuster(1), dirb(1)
