HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

wfuzz — A web application bruteforcer. More information: <https://wfuzz.readthedocs.io/en/latest/user/basicu

Submitted by: @import:tldr-pages··
0
Viewed 0 times
commandcliinformationbruteforcerwebmorewfuzzapplication

Problem

How to use the wfuzz command: A web application bruteforcer. More information: <https://wfuzz.readthedocs.io/en/latest/user/basicusage.html>.

Solution

wfuzz — A web application bruteforcer. More information: <https://wfuzz.readthedocs.io/en/latest/user/basicusage.html>.

Directory and file bruteforce using the specified [w]ordlist and also [p]roxying the traffic:
wfuzz -w {{path/to/file}} -p {{127.0.0.1:8080:HTTP}} {{http://example.com/FUZZ}}


Save the results to a [f]ile:
wfuzz -w {{path/to/file}} -f {{filename}} {{http://example.com/FUZZ}}


Show [c]olorized output while only showing the declared response codes in the output:
wfuzz -c -w {{path/to/file}} --sc {{200,301,302}} {{http://example.com/FUZZ}}


Use a custom [H]eader to fuzz subdomains while [h]iding specific response [c]odes and word counts. Increase the [t]hreads to 100 and include the target ip/domain:
wfuzz -w {{path/to/file}} -H "{{Host: FUZZ.example.com}}" --hc {{301}} --hw {{222}} -t {{100}} {{example.com}}


Brute force Basic Authentication using a list of usernames and passwords from files for each FUZ[z] keyword, [h]iding response [c]odes of unsuccessful attempts:
wfuzz -c --hc {{401}} -s {{delay_between_requests_in_seconds}} -z file,{{path/to/usernames}} -z file,{{path/to/passwords}} --basic 'FUZZ:FUZ2Z' {{https://example.com}}


Provide wordlist directly from the command-line and use POST request for fuzzing:
wfuzz -z list,{{word1-word2-...}} {{https://api.example.com}} -d "{{id=FUZZ&showwallet=true}}"


Provide wordlists from a file applying base64 and md5 encoding on them (wfuzz -e encoders lists all available encoders):
wfuzz -z file,{{path/to/file}},none-base64-md5 {{https://example.com/FUZZ}}


List available encoders/payloads/iterators/printers/scripts:
wfuzz -e {{encoders|payloads|iterators|printers|scripts}}

Code Snippets

Directory and file bruteforce using the specified [w]ordlist and also [p]roxying the traffic

wfuzz -w {{path/to/file}} -p {{127.0.0.1:8080:HTTP}} {{http://example.com/FUZZ}}

Save the results to a [f]ile

wfuzz -w {{path/to/file}} -f {{filename}} {{http://example.com/FUZZ}}

Show [c]olorized output while only showing the declared response codes in the output

wfuzz -c -w {{path/to/file}} --sc {{200,301,302}} {{http://example.com/FUZZ}}

Use a custom [H]eader to fuzz subdomains while [h]iding specific response [c]odes and word counts. Increase the [t]hreads to 100 and include the target ip/domain

wfuzz -w {{path/to/file}} -H "{{Host: FUZZ.example.com}}" --hc {{301}} --hw {{222}} -t {{100}} {{example.com}}

Brute force Basic Authentication using a list of usernames and passwords from files for each FUZ[z] keyword, [h]iding response [c]odes of unsuccessful attempts

wfuzz -c --hc {{401}} -s {{delay_between_requests_in_seconds}} -z file,{{path/to/usernames}} -z file,{{path/to/passwords}} --basic 'FUZZ:FUZ2Z' {{https://example.com}}

Context

tldr-pages: common/wfuzz

Revisions (0)

No revisions yet.