Linux cli command wfuzz

➡ A Linux man page (short for manual page) is a form of software documentation found on Linux and Unix-like operating systems. This man-page explains the command wfuzz and provides detailed information about the command wfuzz, system calls, library functions, and other aspects of the system, including usage, options, and examples of _. You can access this man page by typing man followed by the wfuzz.

4 minute read

NAME 🖥️ wfuzz 🖥️

a web application bruteforcer

SYNOPSIS

wfuzz [options] -z payload,params <url>

OPTIONS

-h
Print information about available arguments.

–help
Advanced help.

–version
Wfuzz version details

-e <type>
List of available encoders/payloads/iterators/printers/scripts

–recipe <filename>
Reads options from a recipe

–dump-recipe <filename>
Prints current options as a recipe

–oF <filename>
Saves fuzz results to a file. These can be consumed later using the wfuzz payload.

-c
Output with colors

-v
Verbose information.

-f filename,printer
Store results in the output file using the specified printer (raw printer if omitted).

-o printer
Format output using the specified printer.

–interact
(beta) If selected, all key presses are captured. This allows you to interact with the program.

–dry-run
Print the results of applying the requests without actually making any HTTP request.

–prev
Print the previous HTTP requests (only when using payloads generating fuzzresults)

-p addr
Use Proxy in format ip:port:type. Repeat option for using various proxies. Where type could be SOCKS4, SOCKS5 or HTTP if omitted.

-t N
Specify the number of concurrent connections (10 default)

-s N
Specify time delay between requests (0 default)

-R depth
Recursive path discovery being depth the maximum recursion level.

-L, –follow
Follow HTTP redirections

-Z
Scan mode (Connection errors will be ignored).

–req-delay N
Sets the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT). Default 90.

–conn-delay N
Sets the maximum time in seconds the connection phase to the server to take (CURLOPT_CONNECTTIMEOUT). Default 90.

-A
Alias for –script=default -v -c

–script=
Equivalent to –script=default

–script=<plugins>
Runs script’s scan. <plugins> is a comma separated list of plugin-files or plugin-categories

–script-help=<plugins>
Show help about scripts.

–script-args n1=v1,…
Provide arguments to scripts. ie. –script-args grep.regex="<A href=(.*?)>"

-u url
Specify a URL for the request.

-m iterator
Specify an iterator for combining payloads (product by default)

-z payload
Specify a payload for each FUZZ keyword used in the form of type,parameters,encoder. A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1. Encoders category can be used. ie. url. Use help as a payload to show payload plugin’s details (you can filter using –slice)

–zP <params>
Arguments for the specified payload (it must be preceded by -z or -w).

–slice <filter>
Filter payload’s elements using the specified expression. It must be preceded by -z.

-w wordlist
Specify a wordlist file (alias for -z file,wordlist).

-V alltype
All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.

-X method
Specify an HTTP method for the request, ie. HEAD or FUZZ

-b cookie
Specify a cookie for the requests. Repeat option for various cookies.

-d postdata
Use post data (ex: “id=FUZZ&catalogue=1”)

-H headers
Use headers (ex:“Host:www.mysite.com,Cookie:id=1312321&user=FUZZ”). Repeat option for various headers.

–basic/ntlm/digest auth
in format “user:pass” or “FUZZ:FUZZ” or “domain\FUZ2Z:FUZZ”

–hc/hl/hw/hh N[,N]+
Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)

–sc/sl/sw/sh N[,N]+
Show responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)

–ss/hs regex
Show/Hide responses with the specified regex within the content

–filter <filter>
Filter responses using the specified expression (Use BBB for taking values from baseline) It should be composed of: c,l,w,h/and,or/=,<,>,!=,<=,>= Keyword: FUZZ, …, FUZnZ wherever you put these keywords wfuzz will replace them with the values of the specified payload. Baseline: FUZZ{baseline_value} FUZZ will be replaced by baseline_value. It will be the first request performed and could be used as a base for filtering.

–prefilter <filter>
Filter items before fuzzing using the specified expression.

EXAMPLES

wfuzz -c -z file,users.txt -z file,pass.txt --sc 200 http://www.site.com/log.asp?user=FUZZ&pass=FUZ2Z
wfuzz -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something not there}
wfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ
More examples are available in the README..

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.