Wfuzz


Tool and Usage

Project details

License
GPLv2
Programming language
Python
Authors
Carlos del Ojo
Christian Martorella
Latest release
3.1.0
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Wfuzz is a fuzzing tool written in Python. Tools like Wfuzz are typically used to test web applications and how they handle both expected and unexpected input.

Usage and audience

Wfuzz is commonly used for application fuzzing, application security, application testing, or web application analysis. Target users for this tool are developers and pentesters.

Features

  • Command line interface
  • Extendable with custom tests and plugins
  • Tool is modular

Example usage and output

********************************************************
* Wfuzz 2.2 - The Web Bruteforcer *
********************************************************

Target: http://testphp.vulnweb.com/FUZZ
Total requests: 950

==================================================================
ID Response Lines Word Chars Request
==================================================================

00022: C=301 7 L 12 W 184 Ch "admin"
00130: C=403 10 L 29 W 263 Ch "cgi-bin"
00378: C=301 7 L 12 W 184 Ch "images"
00690: C=301 7 L 12 W 184 Ch "secured"
00938: C=301 7 L 12 W 184 Ch "CVS"

Total time: 5.519253
Processed Requests: 950
Filtered Requests: 945
Requests/sec.: 172.1247

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

Wfuzz is under development by Carlos del Ojo and Christian Martorella. This project is currently maintained by Xavi Mendez.

Installation

Supported operating systems

Wfuzz is known to work on Linux.

Wfuzz alternatives

Similar tools to Wfuzz:

74

Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

64

SQLMate

SQLMate is a security tool that calls itself a friend of SQLMap. It has similar functionality, yet comes with additional features like finding an admin panel and improved hash cracking. The tool can find possible vulnerable targets, with the option to save the results and feed them to others, like SQLMap.

64

Yasuo

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.


Related tool information

Definitions

Fuzzing
Fuzzing or fuzz testing is a technique to automatically test software. Feeding the software unexpected inputs tests its stability. Any crashes or unexpected errors can reveal a weakness in the software.
