wfuzz
Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends highly on the dictionaries used.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/wfuzz:3.1.0
Source URL: https://github.com/xmendez/wfuzz
Parameters
field
string
Command:
--field
- Do not show the payload but only the specified language expression. Repeat for various fields.cookie
string
Command:
-b
- Specify a cookie for the requests. Repeat option for various cookies.efield
string
Command:
--efield
- Show the specified language expression together with the current payload. Repeat for various fields.header
string
Command:
-H
- Use header (ex:Cookie:id=1312321&user=FUZZ). Repeat option for various headers.recipe
string
Command:
--recipe
- Reads options from a recipe. Repeat for various recipes.ip-proxy
string
Command:
-p
- Use Proxy in format ip:port:type. Repeat option for using various proxies.wordlist
file
requiredCommand:
-w
- Specify a wordlist file (alias for -z file,wordlist).ntlm-auth
string
Command:
--ntlm
- in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZpost-data
string
Command:
-d
- Use post data (ex: id=FUZZ&catalogue=1)scan-mode
boolean
Command:
-Z
- Scan mode (Connection errors will be ignored)basic-auth
string
Command:
--basic
- in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZdigest-auth
string
Command:
--digest
- in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZdump-recipe
string
Command:
--dump-recipe
- Prints current options as a recipehttp-method
string
Command:
-X
- Specify an HTTP method for the request, ie. HEAD or FUZZscript-scan
string
Command:
--script
- Equivalent to --script=defaultcolor-output
boolean
Command:
-c
- Output with colorspayload-args
string
Command:
--zP
- Arguments for the specified payload (it must be preceded by -z or -w).filter-payload
string
Command:
--slice
- Filter payload's elements using the specified expression. It must be preceded by -z.max-link-depth
string
Command:
-D
- Maximum link depth level.no-http-request
boolean
Command:
--dry-run
- Print the results of applying the requests without actually making any HTTP request.payload-encoder
string
Command:
--zE
- Encoder for the specified payload (it must be preceded by -z or -w).request-timeout
string
Command:
--req-delay
- Sets the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT). Default 90.specify-payload
file
Command:
-z
- Specify a payload for each FUZZ keyword used in the form of name[,parameter][,encoder].A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1. Encoders category can be used. ie. urlurl-for-request
string
requiredCommand:
- Specify a URL for the request.filter-responses
string
Command:
--filter
- Show/hide responses using the specified filter expression (Use BBB for taking values from baseline)payload-iterator
string
Command:
-m
- Specify an iterator for combining payloadsconnection-timeout
string
Command:
--conn-delay
- Sets the maximum time in seconds the connection phase to the server to take (CURLOPT_CONNECTTIMEOUT). Default 90.hide-response-code
string
Command:
--hc
- Hide responses with the specified code (Use BBB for taking values from baseline)show-response-code
string
Command:
--sc
- Show responses with the specified code (Use BBB for taking values from baseline)hide-response-chars
string
Command:
--hh
- Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)hide-response-lines
string
Command:
--hl
- Hide responses with the specified lines (Use BBB for taking values from baseline)hide-response-words
string
Command:
--hw
- Hide responses with the specified words (Use BBB for taking values from baseline)max-recursion-level
string
Command:
-R
- Recursive path discovery being depth the maximum recursion level.show-response-chars
string
Command:
--sh
- Show responses with the specified chars (Use BBB for taking values from baseline)show-response-lines
string
Command:
--sl
- Show responses with the specified lines (Use BBB for taking values from baseline)show-response-words
string
Command:
--sw
- Show responses with the specified words (Use BBB for taking values from baseline)concurent-connections
string
Command:
-t
- Specify the number of concurrent connections (10 default)disable-plugins-cache
boolean
Command:
--no-cache
- Disable plugins cache. Every request will be scanned.filter-before-fuzzing
string
Command:
--prefilter
- Filter items before fuzzing using the specified expression. Repeat for concatenating filters.previous-http-request
boolean
Command:
--prev
- Print the previous HTTP requests (only when using payloads generating fuzzresults)all-params-bruteforcing
string
Command:
-V
- All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.provide-args-to-scripts
string
Command:
--script-args
- Provide arguments to scripts. ie. --script-args grep.regex=<A href=(.*?)>follow-http-redirections
string
Command:
-L
- Follow HTTP redirectionsip-and-port-to-connect-to
string
Command:
--ip
- Specify an IP to connect to instead of the URL's host in the format ip:portfilter-items-before-fuzzing
string
Command:
--prefilter
- Filter items before fuzzing using the specified expression. Repeat for concatenating filters.time-delay-between-requestts
string
Command:
-s
- Specify time delay between requests