Wfuzz Introduction

Wfuzz is a tool designed for brute-forcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), to brute-force GET and POST parameters in order to check for different kinds of injection points (SQL, XSS, LDAP, etc.), to brute-force form parameters (user/password), for fuzzing, and so on.

Source: http://www.edge-security.com/wfuzz.php
Wfuzz Homepage
Wfuzz Source Repository

Tools included in the wfuzz package

wfuzz - Web application bruteforcer
root@kali:~# wfuzz

********************************************************
* Wfuzz  2.0 - The Web Bruteforcer                     *
********************************************************

Usage: /usr/bin/wfuzz [options] <url>

Options:
-c              : Output with colors
-v              : Verbose information
-o printer      : Output format by stderr

-p addr         : use Proxy (ip:port or ip:port-ip:port-ip:port)
-x type         : use SOCK proxy (SOCKS4,SOCKS5)
-t N            : Specify the number of threads (20 default)
-s N            : Specify time delay between requests (0 default)

-e <type>       : List of available encodings/payloads/iterators/printers
-R depth        : Recursive path discovery
-I              : Use HTTP HEAD instead of GET method (No HTML body responses).
--follow        : Follow redirections

-m iterator     : Specify iterator (product by default)
-z payload      : Specify payload (type,parameters,encoding)
-V alltype      : All parameters bruteforcing (allvars and allpost). No need for FUZZ
                   keyword.

-X              : Payload within HTTP methods (ex: "FUZZ HTTP/1.0"). No need for FUZZ
                   keyword.
-b cookie       : Specify a cookie for the requests
-d postdata     : Use post data (ex: "id=FUZZ&catalogue=1")
-H headers      : Use headers (ex:"Host:www.mysite.com,Cookie:id=1312321&user=FUZZ")

--basic/ntlm/digest auth  
                : in format "user:pass" or "FUZZ:FUZZ" or "domain\FUZ2Z:FUZZ"

--hc/hl/hw/hh N[,N]+
                : Hide resposnes with the specified[s] code/lines/words/chars
                  (Use BBB for taking values from baseline)
--hs regex      : Hide responses with the specified regex within the response

Keyword: FUZZ,FUZ2Z  wherever you put these words wfuzz will replace them by the payload selected.

Example:
root@kali:~# wfuzz.py -c -z file,commons.txt --hc 404 -o html http://www.site.com/FUZZ 2> res.html

root@kali:~# wfuzz.py -c -z file,users.txt -z file,pass.txt --hc 404 http://www.site.com/log.asp?user=FUZZ&pass=FUZ2Z

root@kali:~# wfuzz.py -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something}

       More examples in the README.
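The help text above describes the FUZZ and FUZ2Z keywords, the -z payload sets and the -m iterator (product by default), and the FUZZ{something} form that supplies the value for the BBB baseline request. The following Python snippet is an added illustration of that substitution mechanism; it is not part of wfuzz itself. The word lists are constructed samples, the "zip" iterator name is assumed (check `wfuzz -e iterators` on your install), and the templates are the URLs from the help text.

```python
"""Added illustration (not wfuzz's own code) of how the FUZZ/FUZ2Z keywords,
the -z payload sets and the -m iterator combine into concrete requests.
Nothing here sends traffic; it only expands templates."""
import itertools
import re
from typing import Callable, Dict, Iterable, List, Sequence

# Keywords are FUZZ, FUZ2Z, FUZ3Z, ...; the digit selects which -z payload set
# supplies the value (FUZZ is set 1). An optional {value} suffix carries the
# value used for the BBB baseline request, as in FUZZ{something}.
KEYWORD_RE = re.compile(r"FUZ(\d*)Z(\{[^}]*\})?")

def payload_range(spec: str) -> List[str]:
    """Expand a 'range,1-10' style payload spec ('1-10') into the strings 1..10."""
    lo, hi = spec.split("-", 1)
    return [str(n) for n in range(int(lo), int(hi) + 1)]

ITERATORS: Dict[str, Callable[..., Iterable[tuple]]] = {
    "product": itertools.product,   # wfuzz default: every combination of the sets
    "zip": zip,                     # assumed name: pair payloads positionally
}

def expand_template(template: str, payload_sets: Sequence[Sequence[str]],
                    iterator: str = "product") -> List[str]:
    """Return every concrete request string the template expands to."""
    combine = ITERATORS[iterator]
    expanded = []
    for combo in combine(*payload_sets):
        def substitute(m):
            index = int(m.group(1) or "1") - 1   # FUZZ -> set 1, FUZ2Z -> set 2
            return combo[index]
        expanded.append(KEYWORD_RE.sub(substitute, template))
    return expanded

def baseline_request(template: str) -> str:
    """Resolve FUZZ{x} placeholders to their brace values: the request whose
    response BBB refers to in --hc/--hl/--hw/--hh."""
    def substitute(m):
        if m.group(2) is None:
            raise ValueError("keyword %s carries no {baseline} value" % m.group(0))
        return m.group(2)[1:-1]
    return KEYWORD_RE.sub(substitute, template)

if __name__ == "__main__":
    # Constructed sample word lists, standing in for -z file,... payloads.
    dirs = ["img", "js"]
    files = ["a.png", "b.png"]
    for url in expand_template("http://www.site.com/FUZZ/FUZ2Z", [dirs, files]):
        print(url)                     # 4 URLs with product, 2 with zip
    print(baseline_request("http://www.site.com/FUZZ{something}"))
```

The product iterator is why two payload sets of n and m entries produce n*m requests; zip produces min(n, m). The baseline request is sent once, and BBB in a hide option is replaced by the code, line, word or character count of its response.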

wfuzz Usage Example

Fuzz the given URL (http://192.168.1.202/FUZZ) using coloured output (-c), a wordlist as the payload (-z file,/usr/share/wfuzz/wordlist/general/common.txt), and hiding 404 responses (--hc 404):

root@kali:~# wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.202/FUZZ

********************************************************
* Wfuzz  2.0 - The Web Bruteforcer                     *
********************************************************

Target: http://192.168.1.202/FUZZ
Payload type: file,/usr/share/wfuzz/wordlist/general/common.txt

Total requests: 950
==================================================================
ID  Response   Lines      Word         Chars          Request    
==================================================================

00429:  C=200      4 L        25 W      177 Ch    " - index"
00466:  C=301      9 L        28 W      319 Ch    " - javascript"
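Reading the table above, each result line carries the response code (C=), the line, word and character counts, and the request that produced it; the --hc/--hl/--hw/--hh options hide rows by those columns, and BBB stands for the corresponding value of the baseline response. The Python below is an added example, not wfuzz code, that parses lines in that format and applies the hide filters the same way; the result lines embedded in it are constructed samples shaped like the output above, and the "zzz_baseline" row stands in for the baseline request.

```python
"""Added example (not part of the wfuzz project) that parses wfuzz result
lines and applies --hc/--hl/--hw/--hh semantics, including the BBB token.
The SAMPLE_OUTPUT rows are constructed, not captured from a real target."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Matches rows such as:  00429:  C=200      4 L        25 W      177 Ch    " - index"
LINE_RE = re.compile(
    r'^(?P<rid>\d+):\s+C=(?P<code>\d+)\s+(?P<lines>\d+) L\s+(?P<words>\d+) W'
    r'\s+(?P<chars>\d+) Ch\s+"(?P<request>.*)"$')

@dataclass
class Result:
    rid: int
    code: int
    lines: int
    words: int
    chars: int
    request: str

# Constructed sample in the shape of the table above. The first row plays the
# role of the baseline request (a name that should not exist on the server).
SAMPLE_OUTPUT = """\
ID  Response   Lines      Word         Chars          Request
==================================================================

00001:  C=404      9 L        32 W      282 Ch    " - zzz_baseline"
00429:  C=200      4 L        25 W      177 Ch    " - index"
00466:  C=301      9 L        28 W      319 Ch    " - javascript"
00470:  C=404      9 L        32 W      282 Ch    " - nothere"
00512:  C=200      4 L        25 W      177 Ch    " - default"
"""

def parse_results(text: str) -> List[Result]:
    """Turn result rows into records; banner, header and ruler lines are skipped."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            results.append(Result(int(m["rid"]), int(m["code"]), int(m["lines"]),
                                  int(m["words"]), int(m["chars"]), m["request"]))
    return results

def resolve(spec: str, baseline_value: Optional[int]) -> Set[int]:
    """Expand an 'N[,N]+' hide spec; BBB takes the value from the baseline response."""
    values: Set[int] = set()
    for token in spec.split(","):
        token = token.strip()
        if token == "BBB":
            if baseline_value is None:
                raise ValueError("BBB used without a baseline response")
            values.add(baseline_value)
        else:
            values.add(int(token))
    return values

def apply_hide_filters(results: List[Result], hc: str = "", hl: str = "",
                       hw: str = "", hh: str = "",
                       baseline: Optional[Result] = None) -> List[Result]:
    """Return the rows that no hide option matches (wfuzz prints what survives)."""
    specs = {"code": hc, "lines": hl, "words": hw, "chars": hh}
    hidden: Dict[str, Set[int]] = {}
    for field, spec in specs.items():
        if spec:
            hidden[field] = resolve(spec, getattr(baseline, field) if baseline else None)
    return [r for r in results
            if not any(getattr(r, field) in vals for field, vals in hidden.items())]

def triage(output: str = SAMPLE_OUTPUT) -> List[str]:
    """Hide every row whose code matches the baseline (--hc BBB) and return the
    request names that remain, i.e. the resources worth a closer look."""
    results = parse_results(output)
    baseline = results[0]
    kept = apply_hide_filters(results[1:], hc="BBB", baseline=baseline)
    return [r.request.strip(" -") for r in kept]

if __name__ == "__main__":
    print(triage())                                   # ['index', 'javascript', 'default']
```

Filtering on the character count (--hh) is often more selective than the status code alone: a server that answers every unknown path with a 200 "soft 404" page still returns the same size each time, so hiding that size (or BBB with a baseline) removes the noise that --hc 404 would miss.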