Details

Category: Fuzzing

Publisher: trickest

Created Date: 6/23/2021

Container: quay.io/trickest/wfuzz:3.1.0

Source URL: https://github.com/xmendez/wfuzz

Parameters

field
string
Command: --field - Do not show the payload but only the specified language expression. Repeat for various fields.
cookie
string
Command: -b - Specify a cookie for the requests. Repeat option for various cookies.
efield
string
Command: --efield - Show the specified language expression together with the current payload. Repeat for various fields.
header
string
Command: -H - Use header (ex:Cookie:id=1312321&user=FUZZ). Repeat option for various headers.
recipe
string
Command: --recipe - Reads options from a recipe. Repeat for various recipes.
ip-proxy
string
Command: -p - Use Proxy in format ip:port:type. Repeat option for using various proxies.
wordlist
file
required
Command: -w - Specify a wordlist file (alias for -z file,wordlist).
ntlm-auth
string
Command: --ntlm - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ
post-data
string
Command: -d - Use post data (ex: id=FUZZ&catalogue=1)
scan-mode
boolean
Command: -Z - Scan mode (Connection errors will be ignored)
basic-auth
string
Command: --basic - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ
digest-auth
string
Command: --digest - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZ
dump-recipe
string
Command: --dump-recipe - Prints current options as a recipe
http-method
string
Command: -X - Specify an HTTP method for the request, ie. HEAD or FUZZ
script-scan
string
Command: --script - Equivalent to --script=default
color-output
boolean
Command: -c - Output with colors
payload-args
string
Command: --zP - Arguments for the specified payload (it must be preceded by -z or -w).
filter-payload
string
Command: --slice - Filter payload's elements using the specified expression. It must be preceded by -z.
max-link-depth
string
Command: -D - Maximum link depth level.
no-http-request
boolean
Command: --dry-run - Print the results of applying the requests without actually making any HTTP request.
payload-encoder
string
Command: --zE - Encoder for the specified payload (it must be preceded by -z or -w).
request-timeout
string
Command: --req-delay - Sets the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT). Default 90.
specify-payload
file
Command: -z - Specify a payload for each FUZZ keyword used in the form of name[,parameter][,encoder].A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1. Encoders category can be used. ie. url
url-for-request
string
required
Command: - Specify a URL for the request.
filter-responses
string
Command: --filter - Show/hide responses using the specified filter expression (Use BBB for taking values from baseline)
payload-iterator
string
Command: -m - Specify an iterator for combining payloads
connection-timeout
string
Command: --conn-delay - Sets the maximum time in seconds the connection phase to the server to take (CURLOPT_CONNECTTIMEOUT). Default 90.
hide-response-code
string
Command: --hc - Hide responses with the specified code (Use BBB for taking values from baseline)
show-response-code
string
Command: --sc - Show responses with the specified code (Use BBB for taking values from baseline)
hide-response-chars
string
Command: --hh - Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)
hide-response-lines
string
Command: --hl - Hide responses with the specified lines (Use BBB for taking values from baseline)
hide-response-words
string
Command: --hw - Hide responses with the specified words (Use BBB for taking values from baseline)
max-recursion-level
string
Command: -R - Recursive path discovery being depth the maximum recursion level.
show-response-chars
string
Command: --sh - Show responses with the specified chars (Use BBB for taking values from baseline)
show-response-lines
string
Command: --sl - Show responses with the specified lines (Use BBB for taking values from baseline)
show-response-words
string
Command: --sw - Show responses with the specified words (Use BBB for taking values from baseline)
concurent-connections
string
Command: -t - Specify the number of concurrent connections (10 default)
disable-plugins-cache
boolean
Command: --no-cache - Disable plugins cache. Every request will be scanned.
filter-before-fuzzing
string
Command: --prefilter - Filter items before fuzzing using the specified expression. Repeat for concatenating filters.
previous-http-request
boolean
Command: --prev - Print the previous HTTP requests (only when using payloads generating fuzzresults)
all-params-bruteforcing
string
Command: -V - All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.
provide-args-to-scripts
string
Command: --script-args - Provide arguments to scripts. ie. --script-args grep.regex=<A href=(.*?)>
follow-http-redirections
string
Command: -L - Follow HTTP redirections
ip-and-port-to-connect-to
string
Command: --ip - Specify an IP to connect to instead of the URL's host in the format ip:port
filter-items-before-fuzzing
string
Command: --prefilter - Filter items before fuzzing using the specified expression. Repeat for concatenating filters.
time-delay-between-requestts
string
Command: -s - Specify time delay between requests