Published on February 13th, 2017 | by MaxiSoler0
Wfuzz v2.2 – Web Bruteforcer
Wfuzz is a web application brute forcer. Wfuzz was created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the keyword FUZZ by the value of a given payload.
A payload in Wfuzz is a source of input data.This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex brute force attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc.
Wfuzz is a tool designed to brutefore web applications, it’s very flexible, it supports:
- Recursion (when doing directory discovery)
- Post data bruteforcing
- Header bruteforcing
- Output to HTML (easy for just clicking the links and checking the page, even with postdata!)
- Colored output
- Hide results by return code, word numbers, line numbers, etc.
- Url encoding
- Proxy support
- All parameter fuzzing
More Information: here
Thank you to Xavier Mendez, for sharing this tool with us.