Wfuzz is a tool designed to brutefore web applications, it’s very flexible, it supports:Recursion (when doing directory discovery) Post data bruteforcing Header bruteforcing Output to HTML (easy for just clicking the links and checking the page, even with postdata!) Colored output Hide results by return code, word numbers, line numbers, etc. Url encoding Cookies Multithreading Proxy support All parameter fuzzing etc
It was created to facilitate the task in web applications assessments, it’s a tool by pentesters for pentesters.
The tool is based on dictionaries or ranges, then you choose where you want to bruteforce just by replacing the value by the word FUZZ.
Wfuzz output allows to analyze the web server responses and filter the desired results based on the HTTP response message obtained, for example, response codes, response length, etc.
A typical Wfuzz command line execution, specifying a dictionary payload and a URL, looks like this:
Wfuzz needs the following third party libraries to work:
Wfuzz is using the following 3rd party libraries:
JSON.miniy v0.2 (C) Gerald Storer ( https://github.com/getify/JSON.minify/blob/master/minify_json.py )
git clone https://github.com/xmendez/wfuzz.git
本文开发（python）相关术语:python基础教程 python多线程 web开发工程师 软件开发工程师 软件开发流程