wfuzz

wfuzz#

Web fuzzer for content / parameter / auth discovery (Kali). Authorized testing only.

$ wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt https://example.com/FUZZ
$ wfuzz -c -z range,1-65535 --hc 404 https://example.com/api/item/FUZZ
$ wfuzz -c -z file,users.txt -z file,passwords.txt --hc 401 \
    -d "user=FUZZ&pass=FUZ2Z" https://example.com/login