A web application bruteforcer. More information:

  • Bruteforce directories and files using the specified wordlist while proxying the traffic:

wfuzz -w {{path/to/file}} -p {{}} {{}}

  • Save the results to a file:

wfuzz -w {{path/to/file}} -f {{filename}} {{}}

  • Show colorized output and display only the responses with the declared response codes:

wfuzz -c -w {{path/to/file}} --sc {{200,301,302}} {{}}

  • Use a custom header to fuzz subdomains while hiding specific response codes and word counts. Increase the threads to 100 and include the target IP/domain:

wfuzz -w {{path/to/file}} -H {{"Host:"}} --hc {{301}} --hw {{222}} -t {{100}} {{}}