lunar (1) wfuzz.1.gz

Provided by: wfuzz_3.1.0-2_all bug

NAME

       wfuzz - a web application bruteforcer

SYNOPSIS

       wfuzz [options] -z payload,params <url>

OPTIONS

       -h     Print information about available arguments.

       --help Advanced help.

       --version
              Wfuzz version details

       -e <type>
              List of available encoders/payloads/iterators/printers/scripts

       --recipe <filename>
              Reads options from a recipe

       --dump-recipe <filename>
              Prints current options as a recipe

       --oF <filename>
              Saves fuzz results to a file. These can be consumed later using the wfuzz payload.

       -c     Output with colors

       -v     Verbose information.

       -f filename,printer
              Store  results  in  the  output  file  using  the specified printer (raw printer if
              omitted).

       -o printer
              Format output using the specified printer.

       --interact
              (beta) If selected, all key presses are captured. This allows you to interact  with
              the program.

       --dry-run
              Print  the  results  of  applying  the  requests  without  actually making any HTTP
              request.

       --prev Print the previous HTTP requests (only when using payloads generating fuzzresults)

       -p addr
              Use Proxy in format ip:port:type. Repeat option for using various  proxies.   Where
              type could be SOCKS4, SOCKS5 or HTTP if omitted.

       -t N   Specify the number of concurrent connections (10 default)

       -s N   Specify time delay between requests (0 default)

       -R depth
              Recursive path discovery being depth the maximum recursion level.

       -L, --follow
              Follow HTTP redirections

       -Z     Scan mode (Connection errors will be ignored).

       --req-delay N
              Sets  the maximum time in seconds the request is allowed to take (CURLOPT_TIMEOUT).
              Default 90.

       --conn-delay N
              Sets the maximum time in seconds  the  connection  phase  to  the  server  to  take
              (CURLOPT_CONNECTTIMEOUT). Default 90.

       -A     Alias for --script=default -v -c

       --script=
              Equivalent to --script=default

       --script=<plugins>
              Runs  script's  scan.  <plugins>  is  a  comma  separated  list  of plugin-files or
              plugin-categories

       --script-help=<plugins>
              Show help about scripts.

       --script-args n1=v1,...
              Provide arguments to scripts. ie. --script-args grep.regex="<A href=\"(.*?)\">"

       -u url Specify a URL for the request.

       -m iterator
              Specify an iterator for combining payloads (product by default)

       -z payload
              Specify   a   payload   for   each   FUZZ   keyword   used   in   the    form    of
              type,parameters,encoder.   A  list  of encoders can be used, ie. md5-sha1. Encoders
              can be chained, ie. md5@sha1.  Encoders category can be used. ie. url.  Use help as
              a payload to show payload plugin's details (you can filter using --slice)

       --zP <params>
              Arguments for the specified payload (it must be preceded by -z or -w).

       --slice <filter>
              Filter  payload's  elements  using the specified expression. It must be preceded by
              -z.

       -w wordlist
              Specify a wordlist file (alias for -z file,wordlist).

       -V alltype
              All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.

       -X method
              Specify an HTTP method for the request, ie. HEAD or FUZZ

       -b cookie
              Specify a cookie for the requests. Repeat option for various cookies.

       -d postdata
              Use post data (ex: "id=FUZZ&catalogue=1")

       -H headers
              Use headers (ex:"Host:www.mysite.com,Cookie:id=1312321&user=FUZZ").  Repeat  option
              for various headers.

       --basic/ntlm/digest auth
              in format "user:pass" or "FUZZ:FUZZ" or "domain\FUZ2Z:FUZZ"

       --hc/hl/hw/hh N[,N]+
              Hide responses with the specified code/lines/words/chars (Use BBB for taking values
              from baseline)

       --sc/sl/sw/sh N[,N]+
              Show responses with the specified code/lines/words/chars (Use BBB for taking values
              from baseline)

       --ss/hs regex
              Show/Hide responses with the specified regex within the content

       --filter <filter>
              Filter  responses  using  the  specified expression (Use BBB for taking values from
              baseline) It should be composed of:  c,l,w,h/and,or/=,<,>,!=,<=,>=  Keyword:  FUZZ,
              ..., FUZnZ  wherever you put these keywords wfuzz will replace them with the values
              of the specified payload.  Baseline: FUZZ{baseline_value} FUZZ will be replaced  by
              baseline_value.  It will be the first request performed and could be used as a base
              for filtering.

       --prefilter <filter>
              Filter items before fuzzing using the specified expression.

EXAMPLES

              wfuzz -c -z file,users.txt -z file,pass.txt --sc 200 http://www.site.com/log.asp?user=FUZZ&pass=FUZ2Z

              wfuzz -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something not there}

              wfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ

       More examples are available in the README..