Home Uncategorized What is WFUZZ?

Uncategorized

What is WFUZZ?

lucky thandel

April 28, 2019

3366

WFUZZ:

wfuzz is a web application tool which helps in brute force.

it is so hard to explain about the uses of wfuzz. it can be useful in many ways.

if you use Kali Linux it already comes in it.

in any other Linux distributions, you will have to download it.

you can download it: click here

in this part, we will talk about its basics.

how to find dirs in website using WFUZZ?

you can simply see the help menu of wfuzz by this command:

wfuzz --help

suppose, I have hosted a website on my LOCAL apache server. the website has some directories that are not shown. the wfuzz has wordlists for different-different use.

we will use user/share/wfuzz/wordlists/general/common.txt

type this command in your terminal:

wfuzz -c -w user/share/wfuzz/worldlists/general/common.txt --hc 404 -u http://<webisite-ip>:<port>/FUZZ

here, we are using -c to get output in colors(it is useful). -z is to tell the path of wordlist. then, the –hc means hide code. it means it will hide the result that will give 404 response code. we can add more response codes by using comma{,}. you can enter the port no. if some other port is using apache service. we use FUZZ at the place where it should brute force. it is hard to explain. so, try it by yourself and see how it works.

it will try every word from the common.txt and will give you the output of valid dirs.

how to brute force admin panel using WFUZZ?

mostly people use wfuzz to get username and password of a web application.

suppose, I have a website which is hosted on my LOCAL apache server. if we want to access the website, we will have to login first with user and password.

now I have a wordlist which contains users and passwords both. type this command to brute force the admin panel or login panel:

wfuzz -c -w /user/share/wfuzz/wordlist/general/admin-panels.txt --hs incorrect -d "user=FUZZ&pass=FUZZ" -u http://<website-ip>/<path to admin panal>

this command will start brute forcing the admin panel.

–hs is similar to –hc but there is a minor difference between them that –hc is for a response code but –hs is for response text. it means if we have assigned the –hs value to invalid, it will ignore the result that will contain invalid in itself.

-d is to get a post request and to tell where to FUZZ. in case, you have the user, you can type it at the place of FUZZ.

thanks for visiting

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

Understanding Systemctl Command in Linux (Practical)

Macros in docm & Linux memory dump| Hack The Boo …

Android Apps debugging | Frida, JADX, Genymotion

What is WFUZZ?

LEAVE A REPLY Cancel reply

Connect With Us

Popular

How To Hack MySpace By Phishing (Working)

How To Perform Brute-Force on Facebook Easily

How to enable RDP in Linux | XRDP, SSH

How To Crack WinRAR | Reverse Engineering

KDE VS XFCE | which one is better

How To Edit a Text file in Windows Powershell

How to extract information from .DMP files

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

How to Bypass Cloudflare on a Vulnerable Website | Wafw00f tool