WFUZZ
Wfuzz XSS Fuzzing
code
wfuzz -c -z file,/usr/share/seclists/Fuzzing/XSS/XSS-BruteLogic.txt "$URL"wfuzz -c -z file,/usr/share/seclists/Fuzzing/XSS/XSS-Jhaddix.txt "$URL"Command Injection With Post Data
code
wfuzz -c -z file,/usr/share/seclists/Fuzzing/command-injection-commix.txt -d "doi=FUZZ" "$URL"Parameter - Test For Parameter Existence
--hc/hl/hw/hh N[,N]+ : Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt "$URL"example
Parameter Value Fuzzing
code
export URL='http://192.168.1.165/thankyou.php?file=FUZZ"wfuzz -c -z file,/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt --hh 835 "$URL"example
Directories - Authenticated Fuzzing Directories
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 -d "SESSIONID=value" "$URL"Authenticated File Fuzzing
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 404 -d "SESSIONID=value" "$URL"Fuzz Directories
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --hc 404 "$URL"Fuzz Files
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-large-files.txt --hc 404 "$URL"Large Words
code
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-large-words.txt --hc 404 "$URL"Users
code
wfuzz -c -z file,/usr/share/seclists/Usernames/top-usernames-shortlist.txt --hc 404,403 "$URL"Last updated