Skip to main content

Wfuzz - The web fuzzer

Project description

# Wfuzz - The Web Fuzzer

## What is this?

Wfuzz is a tool designed to fuzz web applications, it’s very flexible, it supports:

  • Recursion (when doing directory discovery)
  • Post data bruteforcing
  • Header bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!)
  • Colored output
  • Hide results by return code, word numbers, line numbers, etc.
  • Url encoding
  • Cookies
  • Multithreading
  • Proxy support
  • All parameter fuzzing
  • etc

It was created to facilitate the task in web applications assessments, it’s a tool by pentesters for pentesters ;)

## How does it works?

The tool is based on dictionaries or ranges, then you choose where you want to bruteforce just by replacing the value by the word FUZZ.

For further information check the wiki at

Or check the README file for usage examples.

## Download

Check github releases. Latest:

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for wfuzz, version 2.2.0
Filename, size File type Python version Upload date Hashes
Filename, size wfuzz-2.2.0.tar.gz (79.2 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page