wfuzz offers several options for displaying the output of the fuzzing process. These options can be used to customize the format and level of detail in the output.
### Quiet mode
The `-q` or `--quiet` option can be used to suppress all output except for the final results. This is useful when you only want to see the final output and don't need any additional information.
### Verbose mode
The `-v` or `--verbose` option can be used to enable verbose mode, which provides more detailed output. This includes information about each request made during the fuzzing process, such as the request URL, response status code, and response headers.
### Output format
The `-o` or `--output` option can be used to specify the format of the output. By default, wfuzz outputs the results in a table format. However, you can also choose to output the results in other formats, such as JSON or XML, by specifying the appropriate format option.
### Output file
The `-o` or `--output` option can also be used to specify the output file. By default, wfuzz outputs the results to the console. However, you can redirect the output to a file by specifying the file path after the `-o` option.
### Output filtering
The `-f` or `--filter` option can be used to filter the output based on specific criteria. This allows you to only display the results that match the specified criteria. For example, you can filter the output to only show the results with a specific response status code or response length.
### Output coloring
The `--hc` or `--highlight-color` option can be used to enable output coloring. This highlights specific parts of the output, such as the request URL or response status code, in different colors to make it easier to read and analyze.
These output options provide flexibility and customization in how the fuzzing results are displayed, allowing you to focus on the information that is most relevant to your needs.
### Encoders
- **URL encoding**: This option encodes special characters in the URL using percent-encoding. For example, the space character is encoded as "%20".
- **HTML encoding**: This option encodes special characters in HTML entities. For example, the less-than symbol "<" is encoded as "&lt;".
- **Base64 encoding**: This option encodes data using the Base64 algorithm. It is commonly used for encoding binary data.
- **Hex encoding**: This option encodes data using hexadecimal representation. Each byte is represented by two hexadecimal digits.
- **Unicode encoding**: This option encodes data using Unicode characters. It is useful for bypassing filters that only allow ASCII characters.
To use an encoder, you can specify it with the `--encoding` option followed by the desired encoder. For example, to use URL encoding, you can use the `--encoding url` option.
wfuzz is a web application brute forcer that allows you to perform complex attacks by combining different parameters. In this section, we will explore some advanced features of wfuzz.
To perform GET requests with wfuzz, you can use the `-z` option followed by the payload file. The payload file should contain a list of values to be tested for each parameter. For example:
wfuzz also allows you to use two lists of values for each parameter. This can be useful when you want to test combinations of different values. To use two lists, you can use the `-z` option followed by the payload file, and then use the `::` separator to specify the second list. For example:
The `-f` option in wfuzz allows you to filter the responses based on a specific string. This can be useful when you want to focus on specific responses that contain certain keywords. For example:
wfuzz supports proxying requests through a proxy server. You can use the `--proxy` option followed by the proxy URL to specify the proxy server. For example:
wfuzz allows you to specify cookies to be included in the requests. You can use the `--cookie` option followed by the cookie value to specify the cookies. For example:
wfuzz can be used to brute force HTTP verbs (methods) by specifying a file containing a list of verbs to test. This can be useful for identifying hidden or misconfigured endpoints that respond differently to different HTTP methods.
To use a file for HTTP verb brute forcing, you can create a text file with one verb per line. For example, you can create a file called `verbs.txt` with the following content:
Then, you can use wfuzz with the `--hc` option to specify the desired response code and the `--hw` option to specify a word that should be present in the response when the verb is allowed. For example, to brute force the HTTP verbs using the `verbs.txt` file, you can run the following command:
In this command, `-c` is used to display the output in a compact format, `-z file,verbs.txt` specifies the file containing the list of verbs, `--hc 200` specifies that the response code should be 200, and `--hw "OK"` specifies that the word "OK" should be present in the response.
wfuzz replaces the `FUZZ` placeholder in the URL with each verb from the file and sends a request to the target URL for each one. If the response code is 200 and the word "OK" is present in the response, it means that the verb is allowed.
Using a file for HTTP verb brute forcing can help you discover hidden functionality or misconfigurations in web applications. However, it is important to note that brute forcing HTTP verbs can be time-consuming and may trigger security mechanisms, so it should be used responsibly and with proper authorization.
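Verb brute forcing of this kind is visible in server logs, which is one way it triggers security mechanisms. The following is an added example, not part of the original page: it scans access-log lines for a client that sends many distinct HTTP methods to the same path within a short window. The combined log format, the threshold of 5 methods, the 60-second window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return (ip, time, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]  # ignore the query string
    return m["ip"], ts, m["method"].upper(), path, int(m["status"])

def find_verb_enumeration(lines, min_methods=5, window=timedelta(seconds=60)):
    """Flag (client, path) pairs hit with >= min_methods distinct methods inside window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        ip, ts, method, path, status = rec
        events[(ip, path)].append((ts, method, status))
    findings = []
    for (ip, path), evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # shrink to the time window
                start += 1
            if len({m for _, m, _ in evs[start:end + 1]}) >= min_methods:
                # Report every method this client tried on the path, and which
                # ones the server did not reject with 405 or 501.
                tried = sorted({m for _, m, _ in evs})
                accepted = sorted({m for _, m, s in evs if s not in (405, 501)})
                findings.append({"ip": ip, "path": path, "tried": tried, "accepted": accepted})
                break
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
_T = "10/Jan/2024:12:00:%02d +0000"
_probe = [("GET", 200), ("POST", 405), ("PUT", 405), ("DELETE", 200), ("OPTIONS", 200), ("TRACE", 405)]
SAMPLE_LOG = [f'203.0.113.7 - - [{_T % i}] "{m} /admin HTTP/1.1" {s} 120 "-" "-"'
              for i, (m, s) in enumerate(_probe)]
SAMPLE_LOG.append(f'198.51.100.4 - - [{_T % 9}] "GET /index.html HTTP/1.1" 200 900 "-" "-"')

if __name__ == "__main__":
    for finding in find_verb_enumeration(SAMPLE_LOG):
        print(finding)
```

The `accepted` list is the part to review first: any method other than the ones the application is meant to serve that did not come back as 405 or 501 points at a verb the server should be configured to refuse.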
The `wfuzz` tool allows you to use inline lists to fuzz different values in a request. This can be useful when you want to test multiple inputs or parameters at once.
To use an inline list, you need to enclose the list of values in curly braces `{}` and separate each value with a comma. For example, if you want to fuzz the `username` parameter with a list of common usernames, you can use the following syntax:
In this example, the `FUZZ` keyword is used to indicate the position where the values from the list will be injected. The `-w` option specifies the path to the file containing the list of usernames.
You can also use multiple inline lists in a single request. For example, if you want to fuzz both the `username` and `password` parameters, you can use the following syntax:
In this case, the `FUZZ` keyword is used for the `username` parameter, and the `FUZZ2` keyword is used for the `password` parameter. The `-w` option is used twice to specify the paths to the files containing the lists of usernames and passwords.