<summary><strong>Learn AWS hacking from zero to hero with</strong><ahref="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
> [Wfuzz](https://github.com/xmendez/wfuzz) has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.
The `-o` option selects the output **printer**, that is, the format in which results are written to standard output. The available printers are `raw` (the default table), `json`, `csv`, `html`, `magictree` (XML for MagicTree) and `field`; `wfuzz -e printers` lists them. `-o` does not take a file name. To save results to a file use `-f <file>[,<printer>]`, which writes the results with the given printer (`raw` if omitted) while the normal output still goes to the terminal.
For example, to save the results to a file named `output.txt` in the default format:
```
wfuzz -f output.txt ...
```
### JSON output
`-o json` prints the results to stdout as a JSON array, one object per response carrying the status code, lines, words, chars, payload, URL and `Location` header. This is the easiest form to post-process or feed into other tools. To keep the normal table on screen and get the JSON in a file, use the file printer instead:
```
wfuzz -o json ...
wfuzz -f results.json,json ...
```
### XML output
There is no generic `xml` printer; the XML format wfuzz offers is `magictree`, intended for import into MagicTree but readable by any XML consumer:
```
wfuzz -o magictree ...
```
### HTML output
The `-o html` option allows you to save the results in HTML format. This can be useful if you want to view the results in a web browser or share them with others.
For example, to save the results in HTML format, you can use the following command:
```
wfuzz -o html ...
```
### Custom output
There is no template-based `custom` printer. To control what is printed, use `--field <expr>` (print the value of a filter-language expression instead of the payload column) or `--efield <expr>` (add it as an extra column), optionally with the `field` printer so that only those fields are shown. Expressions use the same language as `--filter`, for example `r.url`, `r.headers.response` or `r.content`. For example, to print the full request and response of every result instead of the summary table:
```
wfuzz --field r ...
```
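The JSON printer is the natural input for your own triage. The script below is an added example written for this page, not wfuzz's own code: it reads a file produced with `-f results.json,json`, works out the most common response shape (status code, lines, words), and lists the outliers. Its embedded sample is constructed to mirror the keys wfuzz's JSON printer writes (`chars`, `code`, `payload`, `lines`, `location`, `method`, `post_data`, `server`, `url`, `words`); confirm them against the output of your wfuzz version before relying on it.

```python
"""Triage results that wfuzz saved with the JSON printer (wfuzz -f out.json,json ...).

Added example for this page, not part of wfuzz itself. The embedded sample is
constructed to mirror the keys wfuzz's JSON printer emits (chars, code, payload,
lines, location, method, post_data, server, url, words); confirm them against
the output of your wfuzz version before relying on this on a real run.
"""
import json
from collections import Counter

# Constructed sample: a directory fuzz against a site that answers 200 for
# unknown paths (a "soft 404"), so filtering on status code alone hides nothing.
SAMPLE_JSON = json.dumps([
    {"chars": 1180, "code": 200, "payload": "foo", "lines": 12, "location": "",
     "method": "GET", "post_data": [], "server": "nginx", "url": "http://target.com/foo", "words": 60},
    {"chars": 1180, "code": 200, "payload": "bar", "lines": 12, "location": "",
     "method": "GET", "post_data": [], "server": "nginx", "url": "http://target.com/bar", "words": 60},
    {"chars": 5321, "code": 200, "payload": "admin", "lines": 40, "location": "",
     "method": "GET", "post_data": [], "server": "nginx", "url": "http://target.com/admin", "words": 200},
    {"chars": 1184, "code": 200, "payload": "baz", "lines": 12, "location": "",
     "method": "GET", "post_data": [], "server": "nginx", "url": "http://target.com/baz", "words": 60},
    {"chars": 169, "code": 301, "payload": "backup", "lines": 7, "location": "http://target.com/backup/",
     "method": "GET", "post_data": [], "server": "nginx", "url": "http://target.com/backup", "words": 11},
])


def load_results(text):
    """Parse the JSON document written by `-f <file>,json` (a list of result objects)."""
    return json.loads(text)


def signature(r):
    """The shape of a response: status code, line count, word count.
    Character count is left out because soft-404 pages often echo the
    requested path, which changes `chars` but not lines or words."""
    return (r["code"], r["lines"], r["words"])


def baseline_signature(results):
    """Most common shape in the run, i.e. what a miss looks like."""
    return Counter(signature(r) for r in results).most_common(1)[0][0]


def interesting(results):
    """Every hit whose shape differs from the baseline, in run order."""
    base = baseline_signature(results)
    return [r for r in results if signature(r) != base]


def redirects(results):
    """payload -> Location for responses that redirected (often a real directory)."""
    return {r["payload"]: r["location"] for r in results if r["location"]}


def summary_by_code(results):
    """How many responses carried each status code."""
    return dict(Counter(r["code"] for r in results))


def suggest_hide_flags(results):
    """wfuzz flags that would hide the baseline shape on the next run
    (--hl hides by line count, --hw by word count), so only outliers print."""
    _, lines, words = baseline_signature(results)
    return ["--hl", str(lines), "--hw", str(words)]


if __name__ == "__main__":
    res = load_results(SAMPLE_JSON)
    print("by code:", summary_by_code(res))
    print("baseline:", baseline_signature(res))
    for r in interesting(res):
        print("%-8s %s %4d L %4d W %s" % (r["payload"], r["code"], r["lines"], r["words"], r["location"]))
    print("next run:", " ".join(suggest_hide_flags(res)))
```

In the sample every miss is a 200 with 12 lines and 60 words, so `--hc 404` would hide nothing; the script surfaces `admin` and the `backup` redirect and turns the baseline into the `--hl`/`--hw` values for the next run. To use it on a real run, replace `SAMPLE_JSON` with the contents of the file written by `-f`.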
### Payload encoders
wfuzz has no `--html-encode`, `--url-encode`, `--base64-encode` or similar switches. Encoders are part of the payload definition: the third comma-separated field of `-z` names one or more encoders that transform every payload before it is substituted for `FUZZ`. `wfuzz -e encoders` lists the encoders available in your installation with a one-line description of each. Several encoders separated by `-` produce one request per encoder (each word is sent once per encoding); encoders joined with `@` are chained, the output of the first being fed into the next.
```
wfuzz -e encoders
wfuzz -z file,wordlist.txt,urlencode http://target.com/FUZZ
wfuzz -z file,wordlist.txt,base64@urlencode http://target.com/?token=FUZZ
wfuzz -z list,admin-root,md5-sha1 http://target.com/?h=FUZZ
```
#### HTML encoding
HTML encoding turns characters with meaning in markup (`<`, `>`, `&`, quotes) into entities. The `html_escape` encoder escapes only those characters; `html_decimal` and `html_hexadecimal` rewrite every character as a numeric entity (`&#NN;` or `&#xNN;`). They are useful when the payload is reflected inside HTML and the application, or a filter in front of it, decodes entities before using the value, so an entity-encoded payload reaches the sink as the raw characters.
Example:
```
wfuzz -z file,xss.txt,html_escape http://target.com/?q=FUZZ
```
#### URL Encoding
wfuzz inserts payloads verbatim, so a word containing spaces, `&`, `#` or `%` breaks or changes the request unless it is percent-encoded. `urlencode` encodes every character outside the unreserved set; `double_urlencode` applies it twice for back ends that decode twice; `uri_hex`, `uri_double_hex` and `uri_triple_hex` produce alternative percent forms that some filters fail to normalise.
Example:
```
wfuzz -z file,sqli.txt,urlencode http://target.com/?id=FUZZ
```
#### Base64 encoding
`base64` encodes each payload as Base64, which is what you need when the fuzzed value lives in a Base64-encoded cookie, token or hidden field. Base64 output contains `+`, `/` and `=` padding, so chain it with `urlencode` when the value is placed in a URL or form body.
Example:
```
wfuzz -z file,wordlist.txt,base64@urlencode -b "data=FUZZ" http://target.com/
```
#### Hex Encoding
`hexa` replaces the payload with the hexadecimal representation of its bytes (`admin` becomes `61646d696e`), the form expected by some binary parameters and by `0x...` literals in SQL. The `md5` and `sha1` encoders likewise replace the payload with its digest, for parameters that carry a hash.
Example:
```
wfuzz -z file,wordlist.txt,hexa http://target.com/?id=0xFUZZ
```
#### Unicode Encoding
`uri_unicode` writes each character in the `%uXXXX` form that some IIS/ASP stacks decode. It is a filter-evasion encoding rather than a correctness one, since standards-compliant decoders do not recognise it.
Example:
```
wfuzz -z file,wordlist.txt,uri_unicode http://target.com/FUZZ
```
#### UTF-8 Encoding
`utf8` and `utf8_binary` rewrite the payload as UTF-8 byte sequences in two different notations, another way of reaching a decoder that sits behind a filter inspecting only the ASCII form. Run `wfuzz -e encoders` to read the exact transformation each one performs in your version.
Example:
```
wfuzz -z file,wordlist.txt,utf8 http://target.com/FUZZ
```
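Because the encoder is applied before the request is built, it helps to be able to predict what bytes reach the target for a given `-z ...,<encoders>` spec. The script below is an added example for this page, not wfuzz's own code: it re-implements a subset of the encoders listed by `wfuzz -e encoders` with the standard library and mirrors the `-` (one payload per encoder) and `@` (chained) spec syntax described above. The exact output format of `uri_unicode` (`%uXXXX` here) is an assumption; check the plugin source of your version if you depend on it.

```python
"""Predict what wfuzz's payload encoders send for a given word.

Added example for this page, not wfuzz's own code. It re-implements a subset of
the encoders listed by `wfuzz -e encoders` with the standard library and mirrors
the encoder syntax of `-z <type>,<source>,<encoders>`: names joined with `-`
give one payload per encoder, names joined with `@` are applied in sequence.
The exact byte format of `uri_unicode` (%uXXXX here) is assumed; check the
plugin source for your version if you depend on it.
"""
import base64
import binascii
import hashlib
import html
from urllib.parse import quote


def _urlencode(s):
    # safe="" so that '/', '&', '=' and friends are all percent-encoded
    return quote(s, safe="")


ENCODERS = {
    "none": lambda s: s,
    "urlencode": _urlencode,
    "double_urlencode": lambda s: _urlencode(_urlencode(s)),
    "base64": lambda s: base64.b64encode(s.encode()).decode(),
    "hexa": lambda s: binascii.hexlify(s.encode()).decode(),
    "html_escape": lambda s: html.escape(s),
    "md5": lambda s: hashlib.md5(s.encode()).hexdigest(),
    "sha1": lambda s: hashlib.sha1(s.encode()).hexdigest(),
    "uri_unicode": lambda s: "".join("%%u%04X" % ord(c) for c in s),  # assumed format
}


def apply_chain(payload, chain):
    """'base64@urlencode': base64 first, then urlencode the result."""
    for name in chain.split("@"):
        payload = ENCODERS[name](payload)
    return payload


def expand_spec(payload, spec):
    """'urlencode-base64@urlencode' -> one payload per '-'-separated alternative.
    This is what wfuzz emits for a single wordlist entry with that encoder spec."""
    return [apply_chain(payload, alt) for alt in spec.split("-")]


def preview(words, spec):
    """(word, encoded) pairs for every word and alternative: the requests wfuzz would make."""
    return [(w, e) for w in words for e in expand_spec(w, spec)]


if __name__ == "__main__":
    # Constructed mini wordlist for an injection into a base64-encoded cookie value
    for word, sent in preview(["admin", "' OR 1=1--"], "base64@urlencode-urlencode"):
        print("%-12r -> %s" % (word, sent))
```

Running it shows, for instance, that `admin` under `base64@urlencode` goes out as `YWRtaW4%3D`, while `base64-hexa` sends the same word twice, once as `YWRtaW4=` and once as `61646d696e`, so the request count doubles.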
##### **2 lists**
wfuzz can fuzz more than one position per request: a second payload (`-z`/`-w`) is substituted for `FUZ2Z`, a third for `FUZ3Z`, and so on. `-m` selects the iterator that combines the lists: `product` (the default, every entry of the first with every entry of the second), `zip` (entries paired by position, stopping at the shorter list) or `chain` (the lists one after the other). The classic use is a credential attack with a username list and a password list:
```
wfuzz -c -z file,users.txt -z file,passwords.txt -d "username=FUZZ&password=FUZ2Z" --hc 401 http://target.com/login
```
With `product` this generates one request per username/password pair, so check the target's lockout policy before launching it.
##### **filter string (show)**
Filtering decides which responses are displayed. `--sc`, `--sl`, `--sw` and `--sh` show only responses with the given status code, line count, word count or character count, and `--hc`, `--hl`, `--hw` and `--hh` hide them; `--ss "<regex>"` shows only responses whose body matches the regular expression and `--hs "<regex>"` hides them; `--filter "<expr>"` takes a boolean expression over the same fields (`c`, `l`, `w`, `h`). Since many applications answer 200 for unknown paths, run once without filters, note the shape of the miss, and hide that shape rather than hiding only 404:
```
wfuzz -c -z file,wordlist.txt --ss "Welcome back" http://target.com/FUZZ
wfuzz -c -z file,wordlist.txt --hc 404 --hw 60 http://target.com/FUZZ
wfuzz -c -z file,wordlist.txt --filter "c=200 and l>12" http://target.com/FUZZ
```
##### **proxy**
`-p ip:port[:type]` sends every request through a proxy; `type` is `HTTP` when omitted, or `SOCKS4`/`SOCKS5`, and the option can be repeated to spread requests across several proxies. Pointing wfuzz at an intercepting proxy such as Burp (`-p 127.0.0.1:8080`) lets you see exactly what was sent and replay interesting hits; a remote proxy also keeps your own address out of the target's logs.
##### **cookies**
Cookies carry the session, so to fuzz as a logged-in user pass them with `-b name=value` (repeat the option for several cookies). The cookie value can itself be the fuzzed position:
```
wfuzz -c -z file,wordlist.txt -b "PHPSESSID=<session-id>" http://target.com/FUZZ
wfuzz -c -z file,ids.txt -b "uid=FUZZ" --hc 403 http://target.com/profile
```
##### **NTLM**
NTLM (NT LAN Manager) is the Microsoft challenge/response authentication suite still used by many Windows web servers and intranet applications. wfuzz authenticates with `--ntlm "user:pass"` (`--basic` and `--digest` cover the other HTTP authentication schemes), and either side of the credential can be a FUZZ keyword, which turns the run into password guessing:
```
wfuzz -c -z file,passwords.txt --ntlm "administrator:FUZZ" --hc 401 http://intranet.target.com/
```
wfuzz is a web application brute-forcing tool that helps in finding hidden directories, files, and parameters by launching a dictionary-based attack. It can be used to discover sensitive information, such as backup files, configuration files, and more.
#### Installation
wfuzz is packaged in Kali and other Debian-based distributions, and the current release is on PyPI:
```
$ sudo apt-get install wfuzz
$ pip install wfuzz
```
#### Basic Usage
To brute-force directories and files you need the target URL with the `FUZZ` keyword at the position to fuzz and a wordlist:
```
wfuzz -c -z file,wordlist.txt http://target.com/FUZZ
```
In the above command, `-c` colours the output, `-z file,wordlist.txt` defines a payload read from the file (`-w wordlist.txt` is shorthand for the same thing), and `http://target.com/FUZZ` is the target URL where `FUZZ` is replaced by each entry of the wordlist. Without filters every response is listed, so a first run normally adds `--hc 404` (or hides the line/word counts of the "not found" page) to keep only real hits.
A more complete invocation against a login form:
```
wfuzz -w wordlist.txt -t 50 -p 127.0.0.1:8080 -H "Authorization: Bearer token" -d "username=admin&password=FUZZ" -f output.txt http://target.com/login
```
Here `-w` specifies the wordlist file, `-t 50` sets the number of concurrent connections to 50, `-p 127.0.0.1:8080` routes the requests through the proxy at `127.0.0.1:8080`, `-H` adds the custom header `Authorization: Bearer token`, `-d` sends the POST body `username=admin&password=FUZZ` (which also switches the method to POST), and `-f output.txt` saves the results to `output.txt` (`-o` selects the output format, not the file). `http://target.com/login` is the target URL.
#### Tips
- Use a good wordlist that covers common directories and files.
- Customize the request headers to simulate different user agents or authentication tokens.
- Use the `-o` option to save the output for further analysis.
- Be cautious with brute-force runs: at `-t 50` wfuzz generates many requests per second, which can trip rate limiting or a WAF, and a credential attack can lock accounts out. Lower `-t`, add a delay between requests with `-s <seconds>`, and agree the scope before you start.