Link Search Menu Expand Document


A web application bruteforcer. More information:

  • Directory and file bruteforce using the specified [w]ordlist and also [p]roxying the traffic:

wfuzz -w {{path/to/file}} -p {{}} {{}}

  • Save the results to a [f]ile:

wfuzz -w {{path/to/file}} -f {{filename}} {{}}

  • Show [c]olorized output while only showing the declared response codes in the output:

wfuzz -c -w {{path/to/file}} --sc {{200,301,302}} {{}}

  • Use a custom [H]eader to fuzz subdomains while [h]iding specific response [c]odes and word counts. Increase the [t]hreads to 100 and include the target ip/domain:

wfuzz -w {{path/to/file}} -H {{"Host:"}} --hc {{301}} --hw {{222}} -t {{100}} {{}}

  • Brute force Basic Authentication using a list of usernames and passwords from files for each FUZ[z] keyword, [h]iding response [c]odes of unsuccessful attempts:

wfuzz -c --hc {{401}} -s {{delay_between_requests_in_seconds}} -z file,{{path/to/usernames}} -z file,{{path/to/passwords}} --basic 'FUZZ:FUZ2Z' {{}}

  • Provide wordlist directly from the command line and use POST request for fuzzing:

wfuzz -z list,{{word1-word2-...}} {{}} -d {{"id=FUZZ&showwallet=true"}}

  • Provide wordlists from a file applying base64 and md5 encoding on them (wfuzz -e encoders lists all available encoders):

wfuzz -z file,{{path/to/file}},none-base64-md5 {{}}

  • List available encoders/payloads/iterators/printers/scripts:

wfuzz -e {{encoders|payloads|iterators|printers|scripts}}