Wfuzz - Web Application Password Cracking Tool

Wfuzz is a web application password cracker with many features, such as POST data brute-forcing, header brute-forcing, colored output, URL encoding, cookie fuzzing, multi-threading, multiple proxy support, SOCKS support, authentication support, baseline support, and more.

It also offers multiple injection points with multiple dictionaries, recursion (when doing directory brute-forcing), and a HEAD scan feature (faster resource discovery).

Wfuzz allows you to define as many encoders as you need for each payload independently. It also allows you to combine your payloads in different ways by specifying iterators.

1 comment:

  1. It's a great tool, I accept it.
    But how to analyse the output of this tool?

    Let's say I've executed
    wfuzz -c -z file,/usr/share/wfuzz/wordlist/vulns/sql_inj.txt -v --hc 404 http://74.205.59.143/FUZZ

    Output of this tool is:
    Total time: 6.830085
    Processed Requests: 42
    Filtered Requests: 14
    Requests/sec.: 6.149263

    What should we infer from it?
