Wfuzz is a web application fuzzer and Python library for security assessments.
It works by replacing FUZZ keywords in HTTP requests with payload values, which makes it useful for testing parameters, forms, authentication fields, directories, files, cookies, headers, and other request components. The project also includes companion tools for payload generation and encoding, giving testers a flexible toolkit for manual and semi-automatic web application testing.
This is free and open source software.
Key Features
- Injects payload data into many parts of an HTTP request, including URLs, POST data, cookies, headers, and authentication fields.
- Supports plugins for extending scanning and parsing functionality.
- Provides multiple payload sources and iterators for combining wordlists and generated values.
- Includes filtering options and baseline comparisons to reduce noisy results.
- Ships with companion utilities such as wfpayload for payload generation and wfencode for encoding and decoding tasks.
- Can be installed with pip or run from an official Docker image.
Website: github.com/xmendez/wfuzz
Support:
Developer: Xavi Mendez
License: GNU General Public License v2.0
Wfuzz is written in Python. Learn Python with our recommended free books and free tutorials.
Related Software
| Security Testing | |
|---|---|
| ZAP | Web app scanner |
| mitmproxy | Interactive HTTPS proxy |
| Wfuzz | Web application fuzzer and Python library for security assessments |
| sqlmap | Penetration testing tool |
| InterceptSuite | Network traffic interception tool |
| Dalfox | Identify cross-site scripting vulnerabilities in web applications |
| Commix | Python-based penetration testing tool |
| BURP | Accelerate application security testing |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |