Skip to content
Web application fuzzer
Python Other
  1. Python 99.9%
  2. Other 0.1%
Branch: master
Clone or download

Latest commit

xmendez Fix pycurl unhandled exception #180 (#196)
New requests are added in the pycurl multi thread after perform (Fixes #180 )
Added py3.8 test job in travis and setup.py (fixes #190 )
Removed python 2 travis tests while figuring out with the build stalls when they run succesfully in Tox
Latest commit f7bbca4 May 9, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs add dlopen issues to macos installation Mar 5, 2020
src Fix pycurl unhandled exception #180 (#196) May 9, 2020
tests ignore crlf until request line Dec 31, 2019
wordlist Merge pull request #134 from xmendez/dev Apr 27, 2019
.gitignore Add .idea to .gitignore Oct 29, 2019
.travis.yml Fix pycurl unhandled exception #180 (#196) May 9, 2020
ISSUE_TEMPLATE.md
LICENSE Initial commit Oct 22, 2014
MANIFEST.in --filter-help reads from docs Apr 27, 2019
Makefile updte flake8 ignore list in makefile Jan 12, 2019
README.md add pypi downloads Apr 19, 2020
requirements.txt Add missing dependency colorama. Mar 27, 2020
setup.py Fix pycurl unhandled exception #180 (#196) May 9, 2020
tox.ini add python 3.7 to tox Oct 20, 2019
wfencode quote cli scripts args Nov 22, 2017
wfencode.bat Windows runner scripts. Mar 27, 2020
wfpayload quote cli scripts args Nov 22, 2017
wfpayload.bat Windows runner scripts. Mar 27, 2020
wfuzz quote cli scripts args Nov 22, 2017
wfuzz.bat Windows runner scripts. Mar 27, 2020
wfuzz_bash_completion use wfuzz in the bash completion script Apr 9, 2019
wxfuzz binaries reorg Nov 21, 2017
wxfuzz.bat Windows runner scripts. Mar 27, 2020

README.md

Build Status

Wfuzz - The Web Fuzzer

Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc.

Wfuzz is more than a web content scanner:

  • Wfuzz could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz’s web application vulnerability scanner is supported by plugins.

  • Wfuzz is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Building plugins is simple and takes little more than a few minutes.

  • Wfuzz exposes a simple language interface to the previous HTTP requests/responses performed using Wfuzz or other tools, such as Burp. This allows you to perform manual and semi-automatic tests with full context and understanding of your actions, without relying on a web application scanner underlying implementation.

It was created to facilitate the task in web applications assessments, it's a tool by pentesters for pentesters ;)

Installation

To install WFuzz, simply use pip:

pip install wfuzz

Documentation

Documentation is available at http://wfuzz.readthedocs.io

Download

Check github releases. Latest is available at https://github.com/xmendez/wfuzz/releases/latest

You can’t perform that action at this time.