Wfuzz

Wfuzz

#Security Testing#Offensive Security

A login cracker that can be used to crack many types of authentication protocols.

Visit Website

Wfuzz: A Tool for Web Application Bruteforcing and Fuzzing

Wfuzz is a specialized tool for bruteforcing web applications. It can help identify unlinked resources such as directories, servlets, and scripts. Additionally, Wfuzz can bruteforce GET and POST parameters to test for various types of injections, including SQL, XSS, and LDAP. It also supports bruteforcing form parameters like username and password, as well as fuzzing operations. Some features include: - Capability for multiple injection points with various dictionaries - Recursion support during directory bruteforcing - Brute forcing of POST requests, headers, and authentication data - Output can be generated in HTML format - Colored output for better readability - Ability to hide results based on return codes, word counts, line counts, or regular expressions - Fuzzing of cookies - Multi-threading support for faster execution - Proxy support for routing requests - SOCKS support for added flexibility - Adjustable time delays between requests - Support for different authentication methods (NTLM, Basic) - Comprehensive bruteforcing of all parameters (both POST and GET) - Use of multiple encoders per payload - Payload combinations using iterators - Baseline request functionality for filtering results - Brute forcing of HTTP methods - Support for multiple proxies (each request can go through a different proxy) - HEAD scan feature for quicker resource discovery - Dictionaries designed specifically for known applications (such as Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion, and many others). Many of these dictionaries are adapted from Darkraver's Dirb and www.open-labs.org. Payload options include: - File - List - hexrand - Range - Names - hexrange