wfuzz
Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends highly on the dictionaries used.
Name:wfuzz
Category:Fuzzing
Publisher:trickest
Created:6/23/2021
Container:
quay.io/trickest/wfuzz:3.1.0Output Type:
License:Unknown
Source:View Source
Parameters
--fieldDo not show the payload but only the specified language expression. Repeat for various fields.-bSpecify a cookie for the requests. Repeat option for various cookies.--efieldShow the specified language expression together with the current payload. Repeat for various fields.-HUse header (ex:Cookie:id=1312321&user=FUZZ). Repeat option for various headers.--recipeReads options from a recipe. Repeat for various recipes.-pUse Proxy in format ip:port:type. Repeat option for using various proxies.-wSpecify a wordlist file (alias for -z file,wordlist).--ntlmin format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ-dUse post data (ex: id=FUZZ&catalogue=1)-ZScan mode (Connection errors will be ignored)--basicin format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ--digestin format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ--dump-recipePrints current options as a recipe-XSpecify an HTTP method for the request, ie. HEAD or FUZZ--scriptEquivalent to --script=default-cOutput with colors--zPArguments for the specified payload (it must be preceded by -z or -w).--sliceFilter payload's elements using the specified expression. It must be preceded by -z.-DMaximum link depth level.--dry-runPrint the results of applying the requests without actually making any HTTP request.--zEEncoder for the specified payload (it must be preceded by -z or -w).--req-delaySets the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT). Default 90.-zSpecify a payload for each FUZZ keyword used in the form of name[,parameter][,encoder].A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1. Encoders category can be used. ie. url--filterShow/hide responses using the specified filter expression (Use BBB for taking values from baseline)-mSpecify an iterator for combining payloads--conn-delaySets the maximum time in seconds the connection phase to the server to take (CURLOPT_CONNECTTIMEOUT). Default 90.--hcHide responses with the specified code (Use BBB for taking values from baseline)--scShow responses with the specified code (Use BBB for taking values from baseline)--hhHide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)--hlHide responses with the specified lines (Use BBB for taking values from baseline)--hwHide responses with the specified words (Use BBB for taking values from baseline)-RRecursive path discovery being depth the maximum recursion level.--shShow responses with the specified chars (Use BBB for taking values from baseline)--slShow responses with the specified lines (Use BBB for taking values from baseline)--swShow responses with the specified words (Use BBB for taking values from baseline)-tSpecify the number of concurrent connections (10 default)--no-cacheDisable plugins cache. Every request will be scanned.--prefilterFilter items before fuzzing using the specified expression. Repeat for concatenating filters.--prevPrint the previous HTTP requests (only when using payloads generating fuzzresults)-VAll parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.--script-argsProvide arguments to scripts. ie. --script-args grep.regex=<A href=(.*?)>-LFollow HTTP redirections--ipSpecify an IP to connect to instead of the URL's host in the format ip:port--prefilterFilter items before fuzzing using the specified expression. Repeat for concatenating filters.-sSpecify time delay between requests