Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #613 from OxNinja/OxNinja-patch-1

Browse source 
Fix wfuzz typos
This commit is contained in:
Carlos Polop 2023-04-05 13:48:20 +02:00 committed by GitHub
commit f7565fda39
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pentesting-web/web-tool-wfuzz.md
View file

@ -58,13 +58,13 @@ wfuzz -e encoders #Prints the available encoders
#Examples: urlencode, md5, base64, hexlify, uri_hex, doble urlencode #Examples: urlencode, md5, base64, hexlify, uri_hex, doble urlencode
``` ```
In order to use a encoder, you have to indicate it in the **"-w"** or **"-z"** option. In order to use an encoder, you have to indicate it in the **"-w"** or **"-z"** option.
Examples: Examples:
```bash ```bash
-z file,/path/to/file,md5 #Will use a list inside the file, and will trnasform each value into its md5 hash before sending it -z file,/path/to/file,md5 #Will use a list inside the file, and will transform each value into its md5 hash before sending it
-w /path/to/file,base64 #Will use a list, and transforms to base64 -w /path/to/file,base64 #Will use a list, and transform to base64
-z list,each-element-here,hexlify #Inline list and to hex before sending values -z list,each-element-here,hexlify #Inline list and to hex before sending values
``` ```
@ -79,7 +79,7 @@ wfuzz -c -w users.txt --hs "Login name" -d "name=FUZZ&password=FUZZ&autologin=1&
#Here we have filtered by line #Here we have filtered by line
``` ```
#### **POST, 2 lists, filder code (show)** #### **POST, 2 lists, filter code (show)**
```bash ```bash
wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=FUZ2Z&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=FUZ2Z&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
@ -92,7 +92,7 @@ wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=F
wfuzz -c -w users.txt -w pass.txt --ss "Welcome " -p 127.0.0.1:8080:HTTP -b "PHPSESSIONID=1234567890abcdef;customcookie=hey" "http://example.com/index.php?username=FUZZ&password=FUZ2Z&action=sign+in" wfuzz -c -w users.txt -w pass.txt --ss "Welcome " -p 127.0.0.1:8080:HTTP -b "PHPSESSIONID=1234567890abcdef;customcookie=hey" "http://example.com/index.php?username=FUZZ&password=FUZ2Z&action=sign+in"
``` ```
### Bruteforce Dicrectory/RESTful bruteforce ### Bruteforce Directory/RESTful bruteforce
[Arjun parameters wordlist](https://raw.githubusercontent.com/s0md3v/Arjun/master/arjun/db/params.txt) [Arjun parameters wordlist](https://raw.githubusercontent.com/s0md3v/Arjun/master/arjun/db/params.txt)