Wfuzz Cheat Sheet
Overview
Wfuzz is a web application fuzzer designed to facilitate web application assessments. It can be used to find resources that are not linked (directories, servlets, scripts, etc.), brute-force GET and POST parameters, brute-force form parameters (user/password), fuzz inputs, and more. Wfuzz is a powerful tool for discovering hidden content, testing for vulnerabilities, and performing comprehensive security assessments of web applications.
Warning: Only use Wfuzz against applications you own or have explicit permission to test. Unauthorized testing may violate terms of service or local laws.
Installation
Python Package Installation
```bash
# Install via pip
pip install wfuzz

# Install with all dependencies
pip install wfuzz[complete]

# Install development version
pip install git+https://github.com/xmendez/wfuzz.git

# Verify installation
wfuzz --version
```
System Package Installation
```bash
# Ubuntu/Debian
sudo apt update
sudo apt install wfuzz

# CentOS/RHEL/Fedora
sudo yum install wfuzz
# or
sudo dnf install wfuzz

# Arch Linux
sudo pacman -S wfuzz

# macOS with Homebrew
brew install wfuzz
```
Docker Installation
```bash
# Pull Docker image
docker pull ghcr.io/xmendez/wfuzz:latest

# Run with Docker
docker run --rm -it ghcr.io/xmendez/wfuzz:latest --help

# Create alias for easier usage (current directory is mounted at /data)
echo 'alias wfuzz="docker run --rm -it -v $(pwd):/data ghcr.io/xmendez/wfuzz:latest"' >> ~/.bashrc
source ~/.bashrc
```
Manual Installation
```bash
# Clone repository
git clone https://github.com/xmendez/wfuzz.git
cd wfuzz

# Install dependencies
pip install -r requirements.txt

# Install
python setup.py install

# Or run directly
python wfuzz.py --help
```
Basic Usage
Directory and File Discovery
```bash
# Basic directory fuzzing
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ

# File extension fuzzing (second wordlist fills FUZ2Z)
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -w /usr/share/wordlists/wfuzz/extensions/extensions.txt --hc 404 http://target.com/FUZZ.FUZ2Z

# Subdirectory fuzzing
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/admin/FUZZ

# Multiple directory levels
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -w /usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ/FUZ2Z

# Backup file discovery
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ.bak
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ~
```
Parameter Fuzzing
```bash
# GET parameter fuzzing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt "http://target.com/search.php?q=FUZZ"

# POST parameter fuzzing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt -d "username=admin&password=FUZZ" http://target.com/login.php

# Multiple parameter fuzzing (parameter name and value)
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -w /usr/share/wordlists/dirb/common.txt "http://target.com/search.php?FUZZ=FUZ2Z"

# Header fuzzing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt -H "X-Forwarded-For: FUZZ" http://target.com/

# Cookie fuzzing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt -b "sessionid=FUZZ" http://target.com/
```
Subdomain Discovery
```bash
# Subdomain enumeration
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -H "Host: FUZZ.target.com" --hc 404 http://target.com/

# Subdomain with custom wordlist
wfuzz -c -w subdomains.txt -H "Host: FUZZ.target.com" --hc 404 http://target.com/

# Virtual host discovery
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -H "Host: FUZZ" --hc 404 http://192.168.1.100/
```
Advanced Usage
Authentication and Sessions
```bash
# Basic authentication
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --basic admin:password --hc 404 http://target.com/FUZZ

# Cookie-based authentication
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -b "PHPSESSID=abc123; auth=true" --hc 404 http://target.com/FUZZ

# Custom headers for authentication
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer token123" --hc 404 http://target.com/FUZZ

# Session-based fuzzing
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -H "Cookie: session=valid_session_id" --hc 404 http://target.com/FUZZ
```
Advanced Filtering
```bash
# Hide specific response codes
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404,403,500 http://target.com/FUZZ

# Hide responses with a given size in characters
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hh 1234 http://target.com/FUZZ

# Hide responses with a given word count
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hw 100 http://target.com/FUZZ

# Hide responses with a given line count
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hl 50 http://target.com/FUZZ

# Show only specific response codes
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --sc 200,301,302 http://target.com/FUZZ

# Complex filtering (a response is hidden if any of the hide filters matches)
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 --hh 1234 --hw 100 http://target.com/FUZZ
```
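The hide/show filters above only work if you know what a "nothing here" response looks like. The following is an added example (not part of Wfuzz) that mimics the --hc/--hh/--hw/--hl/--sc triage on constructed sample responses and derives the --hh/--hw/--hl values from a deliberately bogus path, which is the usual way to suppress a site's custom "soft 404" pages; it assumes Wfuzz counts chars as body length, words as whitespace-separated tokens and lines as newline characters.

```python
"""Wfuzz-style response triage on constructed responses (added example)."""
from dataclasses import dataclass


@dataclass
class Response:
    payload: str
    code: int
    body: str

    # Assumed to mirror how wfuzz derives its chars/words/lines columns.
    @property
    def chars(self) -> int:
        return len(self.body)

    @property
    def words(self) -> int:
        return len(self.body.split())

    @property
    def lines(self) -> int:
        return self.body.count("\n")


def keep(r: Response, hc=(), hh=(), hw=(), hl=(), sc=()) -> bool:
    """True if the response would be printed: --sc restricts to listed codes,
    and any matching hide filter (--hc/--hh/--hw/--hl) suppresses it."""
    if sc and r.code not in sc:
        return False
    return not (r.code in hc or r.chars in hh or r.words in hw or r.lines in hl)


def calibrate(baseline: Response) -> dict:
    """Turn the response for a known-bogus path into --hh/--hw/--hl values."""
    return {"hh": (baseline.chars,), "hw": (baseline.words,), "hl": (baseline.lines,)}


def triage(responses, **filters) -> list:
    """Payloads that survive the given filters, in request order."""
    return [r.payload for r in responses if keep(r, **filters)]


# Constructed sample: the site answers 200 with a custom "not found" page.
SOFT404 = "<html>\n<body>\nPage not found\n</body>\n</html>\n"
ADMIN = "<html>\n<body>\n<h1>Admin login</h1>\n<form action='login'>\n</form>\n</body>\n</html>\n"
SAMPLE = [
    Response("zzz-calibration", 200, SOFT404),  # bogus path used as baseline
    Response("admin", 200, ADMIN),
    Response("backup", 403, ""),
    Response("images", 301, ""),
    Response("randomword", 200, SOFT404),       # another soft 404
    Response("old", 404, "Not Found\n"),
]

if __name__ == "__main__":
    print("--hc 404 only:  ", triage(SAMPLE, hc=(404,)))
    print("calibrated:     ", triage(SAMPLE, hc=(404,), **calibrate(SAMPLE[0])))
```

With `--hc 404` alone the two soft-404 hits survive; adding the calibrated `--hh 45` (or `--hw 7`/`--hl 5`) removes them while keeping the real admin, backup and images entries.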
Proxy and Network Options
```bash
# Use HTTP proxy
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -p 127.0.0.1:8080 --hc 404 http://target.com/FUZZ

# Use SOCKS proxy
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -p 127.0.0.1:9050:SOCKS5 --hc 404 http://target.com/FUZZ

# Custom timeouts (connect and response, in seconds)
wfuzz -c -w /usr/share/wordlists/dirb/common.txt --conn-delay 2 --req-delay 1 --hc 404 http://target.com/FUZZ

# Concurrent connections
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -t 50 --hc 404 http://target.com/FUZZ

# Follow redirects
wfuzz -c -w /usr/share/wordlists/dirb/common.txt -L --hc 404 http://target.com/FUZZ
```
Wordlists and Payloads
Common Wordlists
```bash
# Directory wordlists
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# File wordlists
/usr/share/wordlists/wfuzz/general/common.txt
/usr/share/wordlists/wfuzz/general/admin-panels.txt
/usr/share/wordlists/wfuzz/general/megabeast.txt

# Parameter wordlists
/usr/share/wordlists/wfuzz/Injections/SQL.txt
/usr/share/wordlists/wfuzz/Injections/XSS.txt
/usr/share/wordlists/wfuzz/Injections/Traversal.txt

# Subdomain wordlists
/usr/share/wordlists/wfuzz/general/subdomains-top1mil-5000.txt
/usr/share/wordlists/wfuzz/general/subdomains-top1mil-20000.txt
```
Custom Wordlist Creation
```bash
# Create custom wordlist
cat > custom_dirs.txt << 'EOF'
admin
administrator
panel
dashboard
control
manage
backend
api
v1
v2
test
dev
staging
EOF

# Use custom wordlist
wfuzz -c -w custom_dirs.txt --hc 404 http://target.com/FUZZ

# Combine wordlists
cat /usr/share/wordlists/dirb/common.txt custom_dirs.txt > combined.txt
wfuzz -c -w combined.txt --hc 404 http://target.com/FUZZ
```
Payload Generators
```bash
# Range payload
wfuzz -c -z range,1-100 --hc 404 http://target.com/user/FUZZ

# List payload (items separated by '-')
wfuzz -c -z list,admin-test-guest --hc 404 http://target.com/FUZZ

# File payload (equivalent to -w)
wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ

# Hexrange payload
wfuzz -c -z hexrange,0x00-0xFF --hc 404 http://target.com/id/FUZZ

# Date payload (FUZZ, FUZ2Z, FUZ3Z map to the -z options in order)
wfuzz -c -z range,2020-2024 -z range,01-12 -z range,01-31 --hc 404 "http://target.com/backup/FUZ2Z-FUZ3Z-FUZZ.sql"
```
Specialized Techniques
SQL Injection Testing
```bash
# Basic SQL injection fuzzing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt "http://target.com/search.php?id=FUZZ"

# Time-based SQL injection (show only responses that took longer than 5 seconds)
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt --filter "r.elapsed>5" "http://target.com/search.php?id=FUZZ"

# Error-based SQL injection (=~ is the regex-match operator; ~ is a plain substring match)
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt --filter "r.content=~'error|mysql|sql'" "http://target.com/search.php?id=FUZZ"

# POST SQL injection
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/SQL.txt -d "username=admin&password=FUZZ" --filter "r.content=~'welcome|dashboard'" http://target.com/login.php
```
XSS Testing
```bash
# Reflected XSS testing
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/XSS.txt "http://target.com/search.php?q=FUZZ"

# XSS in parameters
wfuzz -c -w /usr/share/wordlists/wfuzz/Injections/XSS.txt -d "comment=FUZZ" http://target.com/comment.php

# XSS filter bypass
wfuzz -c -w xss_payloads.txt --filter "r.content~'