wFuzz

Directory Discovery Use

wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com/FUZZ' -H 'Content-type: application/json'

Extensions Discovery Use

wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com/FUZZ.php' -H 'Content-type: application/json'

Data Use

wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com' -H 'Content-type: application/json' -d '{"email":"test","password":"FUZZ"'

Discover with range numbers

wfuzz -c --hl=59 -u "http://<IP>" -z range,0-28 -b "name=FUZZ;"

Use multilist

wfuzz -c \
  -u 'http://<IP>' \
  -w wordlist_1 \
  -w wordlist_2 \
  -H 'Content-Type: application/json' \
  -H 'X-Forwarded-For: FUZZ' \
  -d '{"email":"test@test.com","password":"FUZ2Z"}'

Donde:

FUZZ: Primera lista perteneciente a wordlist_1.
FUZ2Z: Primera lista perteneciente a wordlist_2.

Encoders, encodes, encode

Sirve para encodear el payload a enviar ya sea en md5, base64, sha1, etc.

For example:

wfuzz -c -u 'http://<IP>/skills/' -z file,/path/wordlist,md5 -H 'Cookie: cookie=FUZZ'

Referencias:

HackTricks/pentesting-web/web-tool-wfuzz.md at master · b4rdia/HackTricksGitHub

PreviousCrunch NextSCP

Last updated 4 months ago

hashtagDirectory Discovery Use

hashtagExtensions Discovery Use

hashtagData Use

hashtagDiscover with range numbers

hashtagUse multilist

hashtagEncoders, encodes, encode

Directory Discovery Use

Extensions Discovery Use

Data Use

Discover with range numbers

Use multilist

Encoders, encodes, encode