********************************************************
*            Wfuzz 2.0 - The Web Bruteforcer           *
********************************************************

Usage: /usr/bin/wfuzz [options] <url>

Options:
  -c              : Output with colors                                        (coloured output)
  -v              : Verbose information                                       (version information)
  -o printer      : Output format by stderr                                   (formatted output)
  -p addr         : use Proxy (ip:port or ip:port-ip:port-ip:port)            (use a proxy)
  -x type         : use SOCK proxy (SOCKS4,SOCKS5)                            (use a SOCKS proxy)
  -t N            : Specify the number of threads (20 default)                (processes)
  -s N            : Specify time delay between requests (0 default)           (timeout)
  -e <type>       : List of available encodings/payloads/iterators/printers   (types, e.g. encodings)
  -R depth        : Recursive path discovery
  -I              : Use HTTP HEAD instead of GET method (No HTML body responses).
  --follow        : Follow redirections
  -m iterator     : Specify iterator (product by default)
  -z payload      : Specify payload (type,parameters,encoding)
  -V alltype      : All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.
  -X              : Payload within HTTP methods (ex: "FUZZ HTTP/1.0"). No need for FUZZ keyword.
  -b cookie       : Specify a cookie for the requests                         (cookie value)
  -d postdata     : Use post data (ex: "id=FUZZ&catalogue=1")                 (POST data)
  -H headers      : Use headers (ex:"Host:www.mysite.com,Cookie:id=1312321&user=FUZZ")   (custom headers)
  --basic/ntlm/digest auth : in format "user:pass" or "FUZZ:FUZZ" or "domain\FUZ2Z:FUZZ"
  --hc/hl/hw/hh N[,N]+ : Hide responses with the specified[s] code/lines/words/chars
                    (Use BBB for taking values from baseline)
                    (hide particular responses: status code; chars is the response header length)
  --hs regex      : Hide responses with the specified regex within the response

Keyword: FUZZ,FUZ2Z wherever you put these words wfuzz will replace them by the payload selected.

Example:
  - wfuzz.py -c -z file,commons.txt --hc 404 -o html http://www.site.com/FUZZ 2> res.html
    (guessing directory names)
  - wfuzz.py -c -z file,users.txt -z file,pass.txt --hc 404 http://www.site.com/log.asp?user=FUZZ&pass=FUZ2Z
  - wfuzz.py -c -z range,1-10 --hc=BBB http://www.site.com/FUZZ{something}

Usage help:

Path scanning

Compare with the screenshot below

With a few parameters it can help us penetrate faster.

Brute-forcing usernames and passwords:

Testing for injection: I did not demonstrate this here. We can write some injection statements in a file, and then use wfuzz to scan for injection.
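From the server's side, the directory and credential runs shown above leave a very recognisable trace: one client sending many requests to distinct paths in a short time, most of them answered with 404, and (unless the header is overridden with -H) a tool User-Agent. The following detector is an added example written for this page; it is not part of wfuzz or of the original post. It assumes a combined (Apache/Nginx) access-log format, that the default wfuzz User-Agent begins with "Wfuzz/" (an assumption to confirm against your own captures), and illustrative thresholds; the log lines are constructed.

```python
"""Flag access-log clients whose traffic looks like web-path brute forcing.

Added example, not part of the original post or of the wfuzz project.
Assumptions: combined (Apache/Nginx) log format; the default wfuzz
User-Agent starts with "Wfuzz/" (assumed); thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one client walking a wordlist and collecting 404s,
# one ordinary browsing client that happens to miss a favicon.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Wfuzz/2.4.5"
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Wfuzz/2.4.5"
198.51.100.7 - - [10/Oct/2023:13:55:02 +0000] "GET /config HTTP/1.1" 404 153 "-" "Wfuzz/2.4.5"
198.51.100.7 - - [10/Oct/2023:13:55:02 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Wfuzz/2.4.5"
198.51.100.7 - - [10/Oct/2023:13:55:03 +0000] "GET /test HTTP/1.1" 404 153 "-" "Wfuzz/2.4.5"
198.51.100.7 - - [10/Oct/2023:13:55:03 +0000] "GET /old HTTP/1.1" 404 153 "-" "Wfuzz/2.4.5"
203.0.113.9 - - [10/Oct/2023:13:55:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:14 +0000] "GET /about HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:20 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""


def parse(lines):
    """Yield one dict per well-formed log line, with a parsed timestamp and int status."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
            rec["status"] = int(rec["status"])
            yield rec


def detect(lines, window_s=60, min_requests=5, min_404_ratio=0.6,
           tool_ua_prefixes=("Wfuzz/",)):
    """Return {client_ip: [reasons]} for clients whose traffic looks like fuzzing.

    A client is flagged when it announces a known fuzzer User-Agent, or when a
    sliding window of window_s seconds holds at least min_requests requests to
    that many distinct paths with at least min_404_ratio of them answered 404.
    """
    by_ip = defaultdict(list)
    for rec in parse(lines):
        by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        if any(r["ua"].startswith(tool_ua_prefixes) for r in recs):
            reasons.append("fuzzer user-agent")

        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it fits within window_s.
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = recs[start:end + 1]
            if len(window) < min_requests:
                continue
            distinct = len({r["path"] for r in window})
            ratio = sum(r["status"] == 404 for r in window) / len(window)
            if distinct >= min_requests and ratio >= min_404_ratio:
                reasons.append(
                    f"{len(window)} requests to {distinct} paths, "
                    f"{ratio:.0%} 404 within {window_s}s"
                )
                break  # one burst is enough to report this client
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", "; ".join(reasons))
```

Note that --hc 404 only hides the 404s in the tool's own output; the server still logs every one of them, which is why the burst-of-404s rule is the signal to rely on, while the User-Agent check is a cheap extra that a single -H header defeats.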