Loading...
Tuesday, May 8, 2012

Wfuzz - Web application bruteforcer

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
 
It's very flexible, here are some functionalities: 
  • Multiple Injection points capability with multiple dictionaries
  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data brute forcing
  • Output to HTML
  • Colored output
  • Hide results by return code, word numbers, line numbers, regex.
  • Cookies fuzzing
  • Multi threading
  • Proxy support
  • SOCK support
  • Time delays between requests
  • Authentication support (NTLM, Basic)
  • All parameters bruteforcing (POST and GET)
  • Multiple encoders per payload
  • Payload combinations with iterators
  • Baseline request (to filter results against)
  • Brute force HTTP methods
  • Multiple proxy support (each request through a different proxy)
  • HEAD scan (faster for resource discovery)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more. (Many dictionaries are from Darkraver's Dirb, www.open-labs.org) 
Payloads:
  • File
  • List
  • hexrand
  • range
  • names
  • hexrange 

Encodings:
  • random_uppercase
  • urlencode
  • binary_ascii
  • base64
  • double_nibble_hex
  • uri_hex
  • sha1
  • md5
  • double_urlencode
  • utf8
  • utf8_binary
  • html
  • html decimal
  • custom
  • many more...

Iterators:
  • Product
  • Zip
  • Chain 
  • Basic example

Basic example


 
Source
wfuzz

Download Wfuzz 

Examples

 - wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html http://www.mysite.com/FUZZ 2> results.html

This will bruteforce the site  http://www.mysyte.com/FUZZ in search of resources (directories, scripts, files,etc), it will hide from the output the return code 404 (for easy reading the results), it will use the dictionary commons.txt for the bruteforce, and also will output the results to the results.html
file (with a cool format to work).

wfuzz.py -c -z range -r 1-100 --hc 404 http://www.mysite.com/list.asp?id=FUZZ

In this example instead of using a file as dictionary, it will use a range from 1-100, and will bruteforce the parameter "id".
wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 --html -d "id=1&catalogue=FUZZ"
http://www.mysite.com/check.asp 2 > results.html

Here you can see the use of POST data, with the option "-d".

wfuzz.py -c -z file -f wordlists/commons.txt --hc 404 -R 1 http://www.mysite.com/FUZZ

Example of path discovery, using a recursive level of 1 paths.

wfuzz.py -c -z file -f wordlists/Injection/SQL.txt -V allvars http://www.mysite.com/res.asp?id=1&name=cars&cat=2

Example of Sql injection on every parameter of the request, you can fuzz every parameter with the option "-V allvars".
  

For more information pls visit 
Edge Security 

0 comments:

Post a Comment

 
TOP