License / Price: Freeware
Version: v1.4
Language: English
File size: 4 MB
Developer: Xavi Mendez
1 Star2 Stars3 Stars4 Stars5 Stars (8 votes, average: 2.50 out of 5)

wfuzz-150x50 logo


A Tool for Brute forcing / Fuzzing Web Applications .

What is Wfuzz ?

It ́s a web application brute forcer, that allows you to perform complex brute force attacks in different web application parts as parameters, authentication, forms, directories / files, headers files, etc. It has complete set of features, payloads and encodings.

It can also be used for finding resources that are not publically linked such as directories & files, it can brute force HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), it can also brute force forms parameters (User/Password) and carry out general Fuzzing,etc.


key features:

• Recursion (When doing directory bruteforce)
• Post, headers and authentication data bruteforcing
• Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
• Colored output on all systems
• Hide results by return code, word numbers, line numbers, etc.
• Many Encodings (random_upper, urlencode, sHA1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode etc)
• Cookies fuzzing
• Multi-threading
• Proxy support
• Multiple FUZZ capability with multiple dictionaries
• Authentication support (NTLM, Digest, Basic)
• All parameter bruteforcing (POST and GET)
• Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more).


Leave a Reply