wfuzz
Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends highly on the dictionaries used.
Details
Category: Fuzzing
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/wfuzz:3.1.0
Source URL: https://github.com/xmendez/wfuzz
Parameters
field
string
Command:
--field - Do not show the payload but only the specified language expression. Repeat for various fields.cookie
string
Command:
-b - Specify a cookie for the requests. Repeat option for various cookies.efield
string
Command:
--efield - Show the specified language expression together with the current payload. Repeat for various fields.header
string
Command:
-H - Use header (ex:Cookie:id=1312321&user=FUZZ). Repeat option for various headers.recipe
string
Command:
--recipe - Reads options from a recipe. Repeat for various recipes.ip-proxy
string
Command:
-p - Use Proxy in format ip:port:type. Repeat option for using various proxies.wordlist
file
requiredCommand:
-w - Specify a wordlist file (alias for -z file,wordlist).ntlm-auth
string
Command:
--ntlm - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZpost-data
string
Command:
-d - Use post data (ex: id=FUZZ&catalogue=1)scan-mode
boolean
Command:
-Z - Scan mode (Connection errors will be ignored)basic-auth
string
Command:
--basic - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZdigest-auth
string
Command:
--digest - in format user:pass or FUZZ:FUZZ or domainFUZ2Z:FUZZdump-recipe
string
Command:
--dump-recipe - Prints current options as a recipehttp-method
string
Command:
-X - Specify an HTTP method for the request, ie. HEAD or FUZZscript-scan
string
Command:
--script - Equivalent to --script=defaultcolor-output
boolean
Command:
-c - Output with colorspayload-args
string
Command:
--zP - Arguments for the specified payload (it must be preceded by -z or -w).filter-payload
string
Command:
--slice - Filter payload's elements using the specified expression. It must be preceded by -z.max-link-depth
string
Command:
-D - Maximum link depth level.no-http-request
boolean
Command:
--dry-run - Print the results of applying the requests without actually making any HTTP request.payload-encoder
string
Command:
--zE - Encoder for the specified payload (it must be preceded by -z or -w).request-timeout
string
Command:
--req-delay - Sets the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT). Default 90.specify-payload
file
Command:
-z - Specify a payload for each FUZZ keyword used in the form of name[,parameter][,encoder].A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1. Encoders category can be used. ie. urlurl-for-request
string
requiredCommand:
filter-responses
string
Command:
--filter - Show/hide responses using the specified filter expression (Use BBB for taking values from baseline)payload-iterator
string
Command:
-m - Specify an iterator for combining payloadsconnection-timeout
string
Command:
--conn-delay - Sets the maximum time in seconds the connection phase to the server to take (CURLOPT_CONNECTTIMEOUT). Default 90.hide-response-code
string
Command:
--hc - Hide responses with the specified code (Use BBB for taking values from baseline)show-response-code
string
Command:
--sc - Show responses with the specified code (Use BBB for taking values from baseline)hide-response-chars
string
Command:
--hh - Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)hide-response-lines
string
Command:
--hl - Hide responses with the specified lines (Use BBB for taking values from baseline)hide-response-words
string
Command:
--hw - Hide responses with the specified words (Use BBB for taking values from baseline)max-recursion-level
string
Command:
-R - Recursive path discovery being depth the maximum recursion level.show-response-chars
string
Command:
--sh - Show responses with the specified chars (Use BBB for taking values from baseline)show-response-lines
string
Command:
--sl - Show responses with the specified lines (Use BBB for taking values from baseline)show-response-words
string
Command:
--sw - Show responses with the specified words (Use BBB for taking values from baseline)concurent-connections
string
Command:
-t - Specify the number of concurrent connections (10 default)disable-plugins-cache
boolean
Command:
--no-cache - Disable plugins cache. Every request will be scanned.filter-before-fuzzing
string
Command:
--prefilter - Filter items before fuzzing using the specified expression. Repeat for concatenating filters.previous-http-request
boolean
Command:
--prev - Print the previous HTTP requests (only when using payloads generating fuzzresults)all-params-bruteforcing
string
Command:
-V - All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.provide-args-to-scripts
string
Command:
--script-args - Provide arguments to scripts. ie. --script-args grep.regex=<A href=(.*?)>follow-http-redirections
string
Command:
-L - Follow HTTP redirectionsip-and-port-to-connect-to
string
Command:
--ip - Specify an IP to connect to instead of the URL's host in the format ip:portfilter-items-before-fuzzing
string
Command:
--prefilter - Filter items before fuzzing using the specified expression. Repeat for concatenating filters.time-delay-between-requestts
string
Command:
-s - Specify time delay between requests