Web application fuzzer
Xavi Mendez 1b695ee9a8
Merge pull request #250 from MKesenheimer/master
Corrected misleading warning message (-t and -s flags were mixed up)
2020-11-28 20:59:28 +01:00
.github revert workflow 2020-10-29 01:01:15 +01:00
docs diff operator 2020-11-03 00:18:59 +01:00
src Corrected misleading warning message (-t and -s flags were mixed up) 2020-11-26 12:59:18 +01:00
tests black format 2020-11-06 09:57:11 +01:00
wordlist Update common.txt 2020-04-02 22:36:13 +02:00
.flake8 Integrate black formatter (#200) 2020-06-04 21:39:14 +02:00
.gitignore Add .idea to .gitignore 2019-10-29 14:16:24 +01:00
.travis.yml add black to dev deps 2020-08-11 00:32:28 +02:00
Dockerfile add new line to dockerfile 2020-10-24 15:43:00 +02:00
ISSUE_TEMPLATE.md add issue template 2018-12-29 12:20:23 +01:00
LICENSE Initial commit 2014-10-22 22:23:49 +01:00
Makefile add tests and tox action 2020-11-02 20:44:15 +01:00
MANIFEST.in --filter-help reads from docs 2019-04-27 02:01:30 +02:00
README.md Update README.md 2020-10-24 20:02:54 +02:00
requirements.txt remove future lib 2020-11-06 00:21:10 +01:00
setup.py remove future lib 2020-11-06 00:21:10 +01:00
tox.ini pytest to dev requires fixes #215 2020-10-24 16:20:39 +02:00
wfencode quote cli scripts args 2017-11-22 23:34:23 +01:00
wfencode.bat Windows runner scripts. 2020-03-28 00:57:55 +01:00
wfpayload quote cli scripts args 2017-11-22 23:34:23 +01:00
wfpayload.bat Windows runner scripts. 2020-03-28 00:57:55 +01:00
wfuzz quote cli scripts args 2017-11-22 23:34:23 +01:00
wfuzz_bash_completion use wfuzz in the bash completion script 2019-04-09 10:31:35 +02:00
wfuzz.bat Windows runner scripts. 2020-03-28 00:57:55 +01:00
wxfuzz binaries reorg 2017-11-21 23:18:04 +01:00
wxfuzz.bat Windows runner scripts. 2020-03-28 00:57:55 +01:00

Wfuzz - The Web Fuzzer

Wfuzz has been created to facilitate web application assessments and is based on a simple concept: it replaces any reference to the FUZZ keyword with the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected into any field of an HTTP request, making it possible to perform complex web security attacks against different web application components such as parameters, authentication, forms, directories/files, headers, etc.
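The keyword substitution described above, as an added example (not code from the Wfuzz project): a dry-run expander that fills a request template from payload lists without sending anything, useful for reviewing what a run would generate. It goes beyond the text by also handling Wfuzz's numbered keywords (FUZ2Z, ...) combined as a Cartesian product; the names `expand`, `TEMPLATE` and `PAYLOADS` and the localhost URL are constructed for illustration.

```python
import itertools
import re

# FUZZ refers to the first payload; FUZ2Z, FUZ3Z, ... to the following ones.
KEYWORD = re.compile(r"FUZ([2-9]\d*)?Z")


def _fill(text, combo):
    """Replace every keyword in `text` with the matching value from `combo`."""
    def repl(match):
        index = int(match.group(1) or 1)
        if index > len(combo):
            raise ValueError(f"{match.group(0)} has no payload assigned")
        return combo[index - 1]
    return KEYWORD.sub(repl, text)


def expand(template, payloads):
    """Yield one concrete request per payload combination (nothing is sent).

    template: dict with 'method', 'url', 'headers' (dict) and 'body' (str).
    payloads: list of value lists; payloads[0] feeds FUZZ, payloads[1] FUZ2Z.
    """
    for combo in itertools.product(*payloads):
        yield {
            "method": template["method"],
            "url": _fill(template["url"], combo),
            "headers": {k: _fill(v, combo) for k, v in template["headers"].items()},
            "body": _fill(template["body"], combo),
        }


# Constructed sample input: a path segment and a cookie value are both fuzzed.
TEMPLATE = {
    "method": "GET",
    "url": "http://localhost:8080/FUZZ",
    "headers": {"Cookie": "session=FUZ2Z"},
    "body": "",
}
PAYLOADS = [["admin", "backup"], ["a1", "b2"]]

if __name__ == "__main__":
    for request in expand(TEMPLATE, PAYLOADS):
        print(request["method"], request["url"], request["headers"])
```
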

Wfuzz is more than a web content scanner:

  • Wfuzz could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz's web application vulnerability scanner is supported by plugins.

  • Wfuzz is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Building plugins is simple and takes little more than a few minutes.

  • Wfuzz exposes a simple language interface to the previous HTTP requests/responses performed using Wfuzz or other tools, such as Burp. This allows you to perform manual and semi-automatic tests with full context and understanding of your actions, without relying on a web application scanner's underlying implementation.

It was created to facilitate web application assessments; it's a tool by pentesters for pentesters ;)

Installation

To install Wfuzz, simply use pip:

pip install wfuzz

To run Wfuzz from a docker image, run:

$ docker run -v $(pwd)/wordlist:/wordlist/ -it ghcr.io/xmendez/wfuzz wfuzz

Documentation

Documentation is available at http://wfuzz.readthedocs.io

Download

Check the GitHub releases. The latest is available at https://github.com/xmendez/wfuzz/releases/latest