Skip to content

Wfuzz

About fuzzing 202304182002044 Fuzzing Files discovery 

wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 301,404,403  http://offsecwp:80/FUZZ
Directories discovery: 
xport URL="http://offsecwp:80/FUZZ/"
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 404,403,301 "$URL"
Parameters discovery: 
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 404,301 "http://offsecwp:80/index.php?FUZZ=data"
Fuzzing Parameter Values: 
wfuzz -c -z file,/usr/share/seclists/Usernames/cirt-default-usernames.txt --hc 404,301 http://offsecwp:80/index.php?fpv=FUZZ
Fuz Few Parameters 2023042016141313 Fuzz few parameters WFuzz

Exclude error statuses: --hc 404, 403

Exclude result with certain counts of chars --hh 7201

Set cookies: 

-b  "wordpress_test_cookie=WP%20Cookie%20check; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1681820943"

References

  1. web200.Tools.Wfuzz
  2. (Kali.org, 2021), https://tools.kali.org/web-applications/wfuzz