cheatsheets/linux/wfuzz.md at main · r1cksec/cheatsheets · GitHub

Source

https://github.com/xmendez/wfuzz

-c = color, -z = paylaod, file.txt contains strings for fuzzing --hc = hide response with code XXX

wfuzz -c -z file,<file>.txt --hc 404 http://<rhost>/FUZZ

-hs = hide regex switch, -d = POST, FUZZ means insert payload here

wfuzz -c -z file,<file>.txt --hs Invalid -d "<var>=FUZZ" http://<rhost>/<path>.php