Library Options

All options that are available within the Wfuzz command line interface are available as library options:

CLI Option Library Option
<URL> url=”url”
–recipe <filename> recipe=”filename”
–oF <filename> save=”filename”
-f filename,printer printer=(“filename”, “printer”)
–dry-run dryrun=True
-p addr proxies=[(“ip”,”port”,”type”)]
-t N concurrent=N
-s N delay=0.0
-R depth rleve=depth
–follow follow=True
-Z scanmode=True
–req-delay N req_delay=0
–conn-delay N conn_delay=0.0
–script=<plugins> script=”plugins”
–script-args n1=v1,... script_args={n1: v1}
-m iterator iterator=”iterator”
-z payload payloads=[(“name”,{default=””,encoder=[“md5”]},slice=””),]
-V alltype allvars=”alltype”
-X method method=”method”
–hc/hl/hw/hh N[,N]+ hc/hl/hw/hh=[N,N]
–sc/sl/sw/sh N[,N]+ sc/sl/sw/sh=[N,N]
–ss/hs regex ss/hs=”regex”
–filter <filter> filter=”filter exp”
–prefilter <filter> prefilter=”prefilter exp”
-b cookie cookie=[“cookie1=value1”,]
-d postdata postdata=”postdata”
-H header headers=[(“header1”, “value1”),]
–basic/ntlm/digest auth auth=(“basic”, “user:pass”)

These options can be used in the main library interfaces: fuzz, payload or session indistinctly.

Fuzzing a URL

Fuzzing a URL with wfuzz library is very simple. Firstly, import the wfuzz module:

>>> import wfuzz

Now, let’s try to fuzz a webpage to look for hidden content, such as directories. For this example, let’s use Acunetix’s testphp (http://testphp.vulnweb.com/):

>>> import wfuzz
>>> for r in wfuzz.fuzz(url="http://testphp.vulnweb.com/FUZZ", hc=[404], payloads=[("file",dict(fn="wordlist/general/common.txt"))]):
...     print r
...
00060:  C=301      7 L        12 W          184 Ch        "admin"
00183:  C=403     10 L        29 W          263 Ch        "cgi-bin"
00429:  C=301      7 L        12 W          184 Ch        "images"
...

Now, we have a FuzzResult object called r. We can get all the information we need from this object.

FuzzSession object

A FuzzSession object has all the methods of the main wfuzz API.

The FuzzSession object allows you to persist certain parameters across fuzzing sessions:

>>> import wfuzz
>>> s=wfuzz.FuzzSession(url="http://testphp.vulnweb.com/FUZZ")
>>> for r in s.fuzz(hc=[404], payloads=[("file",dict(fn="wordlist/general/common.txt"))]):
...     print r
...
00060:  C=301      7 L        12 W          184 Ch        "admin"
00183:  C=403     10 L        29 W          263 Ch        "cgi-bin"
...

FuzzSession can also be used as context manager:

>>> with wfuzz.FuzzSession(url="http://testphp.vulnweb.com/FUZZ", hc=[404], payloads=[("file",dict(fn="wordlist/general/common.txt"))]) as s:
...     for r in s.fuzz():
...             print r
...
00295:  C=301      7 L        12 W          184 Ch        "admin"
00418:  C=403     10 L        29 W          263 Ch        "cgi-bin"

Get payload

The get_payload function generates a Wfuzz payload from a Python iterable. It is a quick and flexible way of getting a payload programatically without using Wfuzz payloads plugins.

Generating a new payload and start fuzzing is really simple:

>>> import wfuzz
>>> for r in wfuzz.get_payload(range(5)).fuzz(url="http://testphp.vulnweb.com/FUZZ"):
...     print r
...
00012:  C=404      7 L        12 W          168 Ch        "0"
00013:  C=404      7 L        12 W          168 Ch        "1"
00014:  C=404      7 L        12 W          168 Ch        "2"
00015:  C=404      7 L        12 W          168 Ch        "3"
00016:  C=404      7 L        12 W          168 Ch        "4"
>>>

The get_payloads method can be used when various payloads are needed:

>>> import wfuzz
>>> for r in wfuzz.get_payloads([range(5), ["a","b"]]).fuzz(url="http://testphp.vulnweb.com/FUZZ/FUZ2Z"):
...     print r
...
00028:  C=404      7 L        12 W          168 Ch        "4 - b"
00027:  C=404      7 L        12 W          168 Ch        "4 - a"
00024:  C=404      7 L        12 W          168 Ch        "2 - b"
00026:  C=404      7 L        12 W          168 Ch        "3 - b"
00025:  C=404      7 L        12 W          168 Ch        "3 - a"
00022:  C=404      7 L        12 W          168 Ch        "1 - b"
00021:  C=404      7 L        12 W          168 Ch        "1 - a"
00020:  C=404      7 L        12 W          168 Ch        "0 - b"
00023:  C=404      7 L        12 W          168 Ch        "2 - a"
00019:  C=404      7 L        12 W          168 Ch        "0 - a"
>>>

Get session

The get_session function generates a Wfuzz session object from the specified command line. It is a quick way of getting a payload programatically from a string representing CLI options:

$ python
>>> import wfuzz
>>> for r in wfuzz.get_session("-z range,0-10 http://testphp.vulnweb.com/FUZZ").fuzz():
...     print r
...
00002:  C=404      7 L        12 W          168 Ch        "1"
00011:  C=404      7 L        12 W          168 Ch        "10"
00008:  C=404      7 L        12 W          168 Ch        "7"
00001:  C=404      7 L        12 W          168 Ch        "0"
00003:  C=404      7 L        12 W          168 Ch        "2"
00004:  C=404      7 L        12 W          168 Ch        "3"
00005:  C=404      7 L        12 W          168 Ch        "4"
00006:  C=404      7 L        12 W          168 Ch        "5"
00007:  C=404      7 L        12 W          168 Ch        "6"
00009:  C=404      7 L        12 W          168 Ch        "8"
00010:  C=404      7 L        12 W          168 Ch        "9"