Skip to content

Latest commit

 

History

History
35 lines (23 loc) · 1001 Bytes

README.md

File metadata and controls

35 lines (23 loc) · 1001 Bytes

Wfuzz - The Web Bruteforcer

What is this?

Wfuzz is a tool designed to brutefore web applications, it's very flexible, it supports:

  • Recursion (when doing directory discovery)
  • Post data bruteforcing
  • Header bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!)
  • Colored output
  • Hide results by return code, word numbers, line numbers, etc.
  • Url encoding
  • Cookies
  • Multithreading
  • Proxy support
  • All parameter fuzzing
  • etc

It was created to facilitate the task in web applications assessments, it's a tool by pentesters for pentesters ;)

How does it works?

The tool is based on dictionaries or ranges, then you choose where you want to bruteforce just by replacing the value by the word FUZZ.

For further information check the wiki at https://github.com/xmendez/wfuzz/wiki.

Or check the README file for usage examples.

Download

Check github releases. Latest: