KCN

Kaldei's Cybersecurity Notes

WFUZZ

A web application fuzzer.

https://github.com/xmendez/wfuzz

Folder Fuzz

wfuzz -c -z file,myWordList http://[TARGET_IP]:[TARGET_PORT]/FUZZ
Fuzz Folders.

GET Fuzz

wfuzz -c -z file,myWordList http://[TARGET_IP]:[TARGET_PORT]/api/file?parameter=FUZZ
Fuzz GET Parameter (ex: API).

wfuzz -c -z file,myWordList -u http://[TARGET_IP]:[TARGET_PORT]/login.php -d “username=FUZZ&password=FUZZ”
Fuzz POST Login.

Flags

-z
Word File to replace FUZZ in the request. For example -z file,big.txt.

-d
Specifies POST parameters.
-s
Timing for requests.
-c
Shows the output in color.

--hc
Don't show certain http response codes.
--hl
Don't show a certain amount of lines in the response.
--hh
Don't show a certain amount of words.