wfuzz

Fuzz URL parameter

$ wfuzz -c -z file,[wordlist.txt] "[http://target/?param=FUZZ]"

$ wfuzz -c -z file,[dirs.txt] "[http://target/FUZZ]"

$ wfuzz -c -z file,[wordlist.txt] -d "user=admin&pass=FUZZ" "[http://target/login]"

$ wfuzz -c --hc 404 -z file,[wordlist.txt] "[http://target/FUZZ]"

$ wfuzz -c --hl 0 -z file,[wordlist.txt] "[http://target/FUZZ]"

$ wfuzz -c -z file,[users.txt] -z file,[passwords.txt] "[http://target/?u=FUZ2Z&p=FUZZ]"

wfuzz [-c] [-z type,data] [--hc codes] [options] url

wfuzz is a web application security testing tool that performs brute-force discovery of directories, parameters, forms, and other injection points. It replaces the FUZZ keyword in URLs, headers, or POST data with entries from wordlists or other payload sources.
Multiple injection points can be used simultaneously with FUZ2Z, FUZ3Z markers, allowing combined username and password attacks or multi-parameter fuzzing. Response filtering by status code, line count, word count, or character count hides uninteresting results and highlights anomalies that may indicate vulnerabilities.
Payload sources include wordlist files, numeric ranges, and encoded variants. Multi-threading speeds up testing, and colored output makes results easier to scan. The tool is commonly used for directory enumeration, parameter discovery, and authentication testing in authorized security assessments.

-z TYPE,DATA

Payload specification.

Color output.

Hide response codes.

Hide by line count.

Hide by word count.

Hide by char count.

POST data.

HTTP header.

Threads.

For authorized testing only. Rate limiting may be needed. Large wordlists are slow.

wfuzz was created by Christian Martorella (Edge-Security) for web application testing. It's a standard tool in penetration testing.

ffuf(1), gobuster(1), dirb(1)