PwC安全技术小组
  • PwC安全技术小组须知
  • 技术
    • 技术 - Web安全测试技术点
      • XS-Search
      • XSSI (Cross-Site Script Inclusion)
      • XSS (Cross Site Scripting)
        • PDF Injection
        • DOM XSS
        • Server Side XSS (Dynamic PDF)
        • XSS Tools
      • XXE - XEE - XML External Entity
      • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
      • XPATH injection
      • Web Tool - WFuzz
      • Unicode Normalization vulnerability
      • SSTI (Server Side Template Injection)
      • SSRF (Server Side Request Forgery)
      • SQL Injection
        • MSSQL Injection
        • Oracle injection
        • PostgreSQL injection
          • dblink/lo_import data exfiltration
          • PL/pgSQL Password Bruteforce
          • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
          • Big Binary Files Upload (PostgreSQL)
          • RCE with PostgreSQL Extensions
        • MySQL injection
          • Mysql SSRF
        • SQLMap - Cheetsheat
        • sqlmap
          • Second Order Injection - SQLMap
      • Reset/Forgotten Password Bypass
      • Regular expression Denial of Service - ReDoS
      • Rate Limit Bypass
      • Race Condition
      • PostMessage Vulnerabilities
      • Parameter Pollution
      • OAuth to Account takeover
      • LDAP Injection
      • NoSQL injection
      • JWT Vulnerabilities (Json Web Tokens)
      • IDOR
      • HTTP Request Smuggling / HTTP Desync Attack
      • Formula Injection
      • File Upload
        • PDF Upload - XXE and CORS bypass
      • File Inclusion/Path traversal
        • phar:// deserialization
        • LFI - Linux List
      • Email Header Injection
      • Deserialization
        • Java JSF ViewState (.faces) Deserialization
        • NodeJS - __proto__ & prototype Pollution
        • Basic Java Deserialization (ObjectInputStream, readObject)
        • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
        • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
        • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
        • Exploiting __VIEWSTATE knowing the secrets
        • Exploiting __VIEWSTATE without knowing the secrets
      • Domain/Subdomain takeover
      • CSRF (Cross Site Request Forgery)
      • Dangling Markup - HTML scriptless injection
      • CRLF (%0D%0A) Injection
      • Cross-site WebSocket hijacking (CSWSH)
      • CORS - Misconfigurations & Bypass
      • Cookies Hacking
      • Content Security Policy (CSP) Bypass
      • Client Side Template Injection (CSTI)
      • Command Injection
      • Clickjacking
      • Cache Poisoning and Cache Deception
      • Captcha Bypass
      • Bypass Payment Process
      • Abusing hop-by-hop headers
      • 2FA/OTP Bypass
    • 技术 - 安全开发知识库
      • 代码审计
        • Cobra安装与使用
        • 智能合约代码审计
        • FindSecBugs安装与使用
        • SonarQube踩坑记
        • SonarQube安装与使用
      • 移动安全
        • 移动安全扫描
        • 移动安全工具
      • 安全开发
        • API网关
        • API网关设计
      • 安全防护
        • 全站https
        • waf
        • waf
        • waf
      • 安全测试
        • API安全测试
        • APP安全测试
        • 安全测试checklist
        • DAST&SAST&IAST
        • tools-skills
          • APP脱壳技巧
          • https抓包
          • 抓包技巧
          • 信息泄漏漏洞利用
          • Web安全工具
      • 漏洞管理
    • 技术 - 红队攻击手段介绍
      • offensive-security-experiments
        • Active Directory & Kerberos Abuse
        • Pentesting Cheatsheets
        • active-directory-kerberos-abuse
          • From Domain Admin to Enterprise Admin
          • Kerberoasting
          • Kerberos: Golden Tickets
          • Kerberos: Silver Tickets
          • AS-REP Roasting
          • Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • Kerberos Resource-based Constrained Delegation: Computer Object Take Over
          • Domain Compromise via DC Print Server and Kerberos Delegation
      • offensive-security
        • Red Team Infrastructure
        • Initial Access
        • Code Execution
        • Code & Process Injection
        • Defense Evasion
        • Enumeration and Discovery
        • Privilege Escalation
        • Credential Access & Dumping
        • Lateral Movement
        • Persistence
        • Exfiltration
      • miscellaneous-reversing-forensics
        • Windows / OS Internals
        • Cloud
        • Neo4j
        • Dump Virtual Box Memory
        • AES Encryption Using Crypto++ .lib in Visual Studio C++
        • Reversing Password Checking Routine
  • 工具
    • 工具 - BloodHound基础使用
    • 工具 - CobaltStrike基础使用
      • 目录
      • Cobalt Strike简介
      • Cobalt Strike基本使用
      • Cobalt Strike Beacon命令
      • Cobalt Strike脚本使用
      • Cobalt Strike脚本编写
      • Cobalt Strike扩展
      • Cobalt Strike原理介绍
        • 介绍
        • Payload生成分析
      • Cobalt Strike攻击防御
      • 说明
      • cobalt-strikejiao-ben-bian-xie
        • COM劫持利用脚本编写
        • aggressor-script文档翻译
        • ArtifactPayloadGenerator.cna脚本bug修复
        • TODO
      • cobalt-strikeji-ben-shi-yong
        • 界面功能介绍
        • CS4.0功能演示
        • 监听器(Listener)
      • cobalt-strikekuo-zhan
        • Malleable C2
        • External C2
        • CS证书相关
        • CS Beacon和监听器
        • 转发重定向
        • CDN代理转发
        • CDN与转发器
        • CS部分功能启用
        • CS检测工具CobaltStrikeScan绕过
        • 联动Core impact
由 GitBook 提供支持
在本页
  • Installation
  • Filtering options
  • Output options
  • Encoders options
  • CheetSheet
  • Login Form bruteforce
  • Bruteforce Dicrectory/RESTful bruteforce
  • Path Parameters BF
  • HTTP Verbs (methods) bruteforce
  • Directory & Files Bruteforce

这有帮助吗?

  1. 技术
  2. 技术 - Web安全测试技术点

Web Tool - WFuzz

上一页XPATH injection下一页Unicode Normalization vulnerability

最后更新于4年前

这有帮助吗?

A tool to FUZZ web applications anywhere.

Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.

Installation

Installed in Kali

Github: ​

Filtering options

--hs/ss "regex" ​--hc/sc CODE --hl/sl NUM --hw/sw NUM --hc/sc NUM

Output options

wfuzz -e printers -f /tmp/output,csv

Encoders options

In order to use a encoder, you have to indicate it in the "-w" or "-z" option.

Examples:

-z file,/path/to/file,md5 -w /path/to/file,base64 -z list,each-element-here,hexlify

CheetSheet

Login Form bruteforce

POST, Single list, filter string (hide)

wfuzz -c -w users.txt --hs "Login name" -d "name=FUZZ&password=FUZZ&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php

POST, 2 lists, filder code (show)

wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=FUZ2Z&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php

GET, 2 lists, filter string (show), proxy, cookies

wfuzz -c -w users.txt -w pass.txt --ss "Welcome " -p 127.0.0.1:8080:HTTP -b "PHPSESSIONID=1234567890abcdef;customcookie=hey" "http://example.com/index.php?username=FUZZ&password=FUZ2Z&action=sign+in"

Bruteforce Dicrectory/RESTful bruteforce

wfuzz -c -w /tmp/tmp/params.txt --hc 404 https://domain.com/api/FUZZ

Path Parameters BF

wfuzz -c -w ~/git/Arjun/db/params.txt --hw 11 'http://example.com/path%3BFUZZ=FUZZ'

Basic, 2 lists, filter string (show), proxy

wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --basic FUZZ:FUZ2Z "http://example.com/index.php"

NTLM, 2 lists, filter string (show), proxy

wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --ntlm 'domain\FUZZ:FUZ2Z' "http://example.com/index.php"

Cookie, filter code (show), proxy

wfuzz -c -w users.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "Cookie:id=1312321&user=FUZZ"  "http://example.com/index.php"

User-Agent, filter code (hide), proxy

wfuzz -c -w user-agents.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "User-Agent: FUZZ"  "http://example.com/index.php"

Host

wfuzz -c -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-20000.txt --hc 400,404,403 -H "Host: FUZZ.example.com" -u http://example.com -t 100

HTTP Verbs (methods) bruteforce

Using file

wfuzz -c -w methods.txt -p 127.0.0.1:8080:HTTP --sc 200 -X FUZZ "http://example.com/index.php"

Using inline list

$ wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://testphp.vulnweb.com/

Directory & Files Bruteforce

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --sc 200,202,204,301,302,307,403 http://example.com/uploads/FUZZ

​​

​​

https://github.com/xmendez/wfuzz
Arjun parameters wordlist
https://github.com/carlospolop/fuzzhttpbypass