# wFuzz

### Directory Discovery Use

```sh
wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com/FUZZ' -H 'Content-type: application/json'
```

### Extensions Discovery Use

```sh
wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com/FUZZ.php' -H 'Content-type: application/json'
```

### Data Use

```sh
wfuzz -c --hc=400 -w /usr/share/rockyou.txt -X POST -u 'http://url.com' -H 'Content-type: application/json' -d '{"email":"test","password":"FUZZ"}'
```

### Discover with range numbers

```sh
wfuzz -c --hl=59 -u "http://<IP>" -z range,0-28 -b "name=FUZZ;"
```

### Use multilist

```sh
wfuzz -c \
  -u 'http://<IP>' \
  -w wordlist_1 \
  -w wordlist_2 \
  -H 'Content-Type: application/json' \
  -H 'X-Forwarded-For: FUZZ' \
  -d '{"email":"test@test.com","password":"FUZ2Z"}'
```

Where:

* `FUZZ`: placeholder filled from the first list, `wordlist_1`.
* `FUZ2Z`: placeholder filled from the second list, `wordlist_2`.
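
Seen from the server side, the multilist request above varies the `X-Forwarded-For` value across password guesses, so a lockout counter keyed on that header never accumulates. The Python below is an added example, not part of the original notes: it counts failed logins per client identity and flags peers that rotate the header. The log tuple layout, `TRUSTED_PROXIES` and every address are constructed assumptions.

```python
from collections import defaultdict

TRUSTED_PROXIES = {"192.0.2.10"}  # assumption: the site's own reverse proxy

# Constructed records: (peer_ip, x_forwarded_for, method, path, status)
SAMPLE_LOG = (
    [("203.0.113.7", f"10.0.0.{i}", "POST", "/login", 401) for i in range(1, 7)]
    + [("192.0.2.10", "198.51.100.5", "POST", "/login", 401),
       ("192.0.2.10", "198.51.100.6", "POST", "/login", 200),
       ("203.0.113.9", "", "GET", "/", 200)]
)

def client_key(peer, xff, trusted=TRUSTED_PROXIES):
    """Identity to rate-limit on: honour X-Forwarded-For only from a trusted proxy."""
    if peer in trusted and xff:
        return xff.split(",")[-1].strip()  # right-most hop, appended by our proxy
    return peer  # header is client-controlled, so fall back to the TCP peer

def failed_logins(records, key_fn, login_path="/login"):
    """Count failed POSTs to the login path, grouped by key_fn(peer, xff)."""
    counts = defaultdict(int)
    for peer, xff, method, path, status in records:
        if method == "POST" and path == login_path and status in (401, 403):
            counts[key_fn(peer, xff)] += 1
    return dict(counts)

def rotating_peers(records, min_distinct=4, trusted=TRUSTED_PROXIES):
    """Untrusted peers that presented many different X-Forwarded-For values."""
    seen = defaultdict(set)
    for peer, xff, *_ in records:
        if peer not in trusted and xff:
            seen[peer].add(xff)
    return {p: len(v) for p, v in seen.items() if len(v) >= min_distinct}

if __name__ == "__main__":
    # Counter keyed on the raw header: every guess looks like a new client.
    naive = failed_logins(SAMPLE_LOG, lambda peer, xff: xff or peer)
    # Counter keyed on the resolved identity: the guesses add up on one peer.
    hardened = failed_logins(SAMPLE_LOG, client_key)
    print("max failures per key, keyed on header:", max(naive.values()))
    print("max failures per key, keyed on peer:  ", max(hardened.values()))
    print("peers rotating the header:", rotating_peers(SAMPLE_LOG))
```

Taking the right-most `X-Forwarded-For` hop is only correct with a single trusted proxy in front of the application; with several layers, strip one hop per trusted proxy.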

### Encoders, encodes, encode

Encodes the payload before it is sent, for example with `md5`, `base64`, `sha1`, etc.

For example:

```sh
wfuzz -c -u 'http://<IP>/skills/' -z file,/path/wordlist,md5 -H 'Cookie: cookie=FUZZ'
```

References:

{% embed url="<https://github.com/b4rdia/HackTricks/blob/master/pentesting-web/web-tool-wfuzz.md#encoders-options>" %}
