Wfuzz 2.2 - The Web Fuzzer

Pre-release
@xmendez xmendez released this 20 Sep 20:42
· 703 commits to master since this release

Version 1.4d to 2.2 developed by:

Xavier Mendez ([email protected])

Version up to 1.4c developed by:

Christian Martorella ([email protected])
Carlos del ojo ([email protected])

Changelog 2.2.0:

Main enhancements:

  • Improved documentation
  • Wfuzz scriptable API
  • wfpayload and wfencoder utils
  • wfuzz.ini for general and plugin options
  • Improved filter language (introspection, operators, functions, FUZZ keyword).
  • Introspection using FUZZ[field]
  • Wfuzz can be run from any folder
  • Wfuzz can be installed using pip
  • Dictionaries are automatically looked for in the specified directories
  • Test cases
  • Ability to store and reuse previous results

New features:

  • req-delay and conn-delay switches
  • dry-run switch
  • X switch allows specifying the method (the -I switch was removed).
  • o switch writes printer output to a file
  • p switch for proxy specification supports repetition
  • L switch is equivalent to --follow
  • zP switch to specify further parameters to payloads
  • u switch for specifying a URL
  • Simple/advanced help switches
  • prefilter/slice for filtering payloads.
  • Improved help for payloads and plugins

Other enhancements:

  • Code reorganization (using a queue pipeline for processing results).
  • Bug fixes
  • Improved error handling
  • Personal plugins can be stored in the user's home folder.
  • Plugins are stored in directories in separate files
  • Improved FuzzRequest object for easier access to cookies, params...
  • Plugin runtime/loading errors do not block wfuzz execution.
  • A request is repeated a number of times if it fails.
  • Validate CLI options.
  • BeautifulSoup integration
  • Plugins can perform their own requests outside the execution pipeline.
  • Option to encode space in the URL
  • FUZZ keyword for ss/hs switches
  • Improved scripts and payloads structure for creating new plugins

Plugins:

  • Check for errors (WIP)
  • json printer
  • burplog and burpstate payloads
  • wfuzzp payload
  • net ipaddress payload
  • dirwalk payload
  • title plugin
  • Backup plugin
  • CVS entries plugin