Wfuzz Logo

Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.

Vulnerability Management Open Source
InjectionBrute Force
Visit website
Compare
Compare
0
Explore Vulnerability Management10 AlternativesCompareStacksMarket MapExplore All Tools
MCPThe entire cybersecurity market, one prompt awayTry MCP Access

Wfuzz Description

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Some features: - Multiple Injection points capability with multiple dictionaries - Recursion (When doing directory bruteforce) - Post, headers and authentication data brute forcing - Output to HTML - Colored output - Hide results by return code, word numbers, line numbers, regex - Cookies fuzzing - Multi threading - Proxy support - SOCK support - Time delays between requests - Authentication support (NTLM, Basic) - All parameters bruteforcing (POST and GET) - Multiple encoders per payload - Payload combinations with iterators - Baseline request (to filter results against) - Brute force HTTP methods - Multiple proxy support (each request through a different proxy) - HEAD scan (faster for resource discovery) - Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more.i (Many dictionaries are from Darkraver's Dirb, www.open-labs.org) Payloads: - File - List - hexrand - range - names - hexrange

Wfuzz FAQ

Common questions about Wfuzz including features, pricing, alternatives, and user reviews.

Wfuzz is Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.. It is a Vulnerability Management solution designed to help security teams with Injection, Brute Force.

Have more questions? Browse our categories or search for specific tools.

FEATURED

Push Security Logo
Push Security
Zero Trust
CybersecRadars Logo
CybersecRadars
Threat Management
Hudson Rock Logo
Hudson Rock
Threat Management
Get Featured

ALTERNATIVES

xsshunter_client Logo
xsshunter_client

A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.

0
Weakpass Logo
Weakpass

A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.

0
Monsoon Logo
Monsoon

A fast and flexible HTTP enumerator for content discovery and credential bruteforcing

0
Offensive Docker Logo
Offensive Docker

An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.

0
NoSQLMap Logo
NoSQLMap

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

0

POPULAR

RoboShadow Logo
RoboShadow
Vulnerability Assessment
OSINTLeak Real-time OSINT Leak Intelligence Logo
OSINTLeak Real-time OSINT Leak Intelligence
Threat Intelligence Platforms
Cybersec Feeds Logo
Cybersec Feeds
Threat Intelligence Platforms
TestSavant AI Security Assurance Platform Logo
TestSavant AI Security Assurance Platform
AI Red Teaming
Fabric Platform by BlackStork Logo
Fabric Platform by BlackStork
Security Information and Event Management
View Popular Tools →

TRENDING CATEGORIES

Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
524
Threat Intelligence Platforms
TIP for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
413
Managed Detection and Response
Managed Detection and Response (MDR) services that provide 24/7 threat monitoring, detection, and response capabilities managed by security experts.
299
Multi-Factor Authentication and Single Sign-On
Multi-factor authentication (MFA) and single sign-on (SSO) solutions for secure user authentication and access control.
296
Identity Governance and Administration
Identity Governance and Administration (IGA) platforms for identity lifecycle management, access governance, role management, and compliance reporting.
289
View All Categories →

Stay Updated with Mandos Brief

Get strategic cybersecurity insights in your inbox