maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/pentesting-web/web-tool-wfuzz.md

121 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Web Tool - WFuzz
{{#include ../banners/hacktricks-training.md}}
Web uygulamalarını her yerde FUZZ yapmak için bir araç.
> [Wfuzz](https://github.com/xmendez/wfuzz), web uygulama değerlendirmelerinde görevi kolaylaştırmak için oluşturulmuştur ve basit bir konsepte dayanmaktadır: FUZZ anahtar kelimesine yapılan her referansı verilen bir yükün değeriyle değiştirir.
## Kurulum
Kali'ye kuruldu
Github: [https://github.com/xmendez/wfuzz](https://github.com/xmendez/wfuzz)
```
pip install wfuzz
```
## Filtreleme seçenekleri
```bash
--hs/ss "regex" #Hide/Show
#Simple example, match a string: "Invalid username"
#Regex example: "Invalid *"
--hc/sc CODE #Hide/Show by code in response
--hl/sl NUM #Hide/Show by number of lines in response
--hw/sw NUM #Hide/Show by number of words in response
--hh/sh NUM #Hide/Show by number of chars in response
--hc/sc NUM #Hide/Show by response code
```
## Çıktı seçenekleri
```bash
wfuzz -e printers #Prints the available output formats
-f /tmp/output,csv #Saves the output in that location in csv format
```
### Kodlayıcı seçenekleri
```bash
wfuzz -e encoders #Prints the available encoders
#Examples: urlencode, md5, base64, hexlify, uri_hex, doble urlencode
```
Bir encoder kullanmak için, bunu **"-w"** veya **"-z"** seçeneğinde belirtmeniz gerekir.
Örnekler:
```bash
-z file,/path/to/file,md5 #Will use a list inside the file, and will transform each value into its md5 hash before sending it
-w /path/to/file,base64 #Will use a list, and transform to base64
-z list,each-element-here,hexlify #Inline list and to hex before sending values
```
## CheatSheet
### Giriş Formu bruteforce
#### **POST, Tek liste, filtre dizesi (gizle)**
```bash
wfuzz -c -w users.txt --hs "Login name" -d "name=FUZZ&password=FUZZ&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
#Here we have filtered by line
```
#### **POST, 2 liste, filtre kodu (göster)**
```bash
wfuzz.py -c -z file,users.txt -z file,pass.txt --sc 200 -d "name=FUZZ&password=FUZ2Z&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
#Here we have filtered by code
```
#### **GET, 2 liste, filtre string (göster), proxy, çerezler**
```bash
wfuzz -c -w users.txt -w pass.txt --ss "Welcome " -p 127.0.0.1:8080:HTTP -b "PHPSESSIONID=1234567890abcdef;customcookie=hey" "http://example.com/index.php?username=FUZZ&password=FUZ2Z&action=sign+in"
```
### Bruteforce Dizin/RESTful bruteforce
[Arjun parametreleri kelime listesi](https://raw.githubusercontent.com/s0md3v/Arjun/master/arjun/db/params.txt)
```
wfuzz -c -w /tmp/tmp/params.txt --hc 404 https://domain.com/api/FUZZ
```
### Path Parametreleri BF
```bash
wfuzz -c -w ~/git/Arjun/db/params.txt --hw 11 'http://example.com/path%3BFUZZ=FUZZ'
```
### Header Authentication
#### **Temel, 2 liste, filtreleme dizesi (göster), proxy**
```bash
wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --basic FUZZ:FUZ2Z "http://example.com/index.php"
```
#### **NTLM, 2 liste, filtre dizesi (göster), proxy**
```bash
wfuzz -c -w users.txt -w pass.txt -p 127.0.0.1:8080:HTTP --ss "Welcome" --ntlm 'domain\FUZZ:FUZ2Z' "http://example.com/index.php"
```
### Cookie/Header bruteforce (vhost brute)
#### **Cookie, filtre kodu (göster), proxy**
```bash
wfuzz -c -w users.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "Cookie:id=1312321&user=FUZZ" "http://example.com/index.php"
```
#### **Kullanıcı-Agent, filtre kodu (gizle), proxy**
```bash
wfuzz -c -w user-agents.txt -p 127.0.0.1:8080:HTTP --ss "Welcome " -H "User-Agent: FUZZ" "http://example.com/index.php"
```
#### **Ana Makine**
```bash
wfuzz -c -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-
top1million-20000.txt --hc 400,404,403 -H "Host: FUZZ.example.com" -u
http://example.com -t 100
```
### HTTP Fiilleri (metotlar) brute force
#### **Dosya Kullanarak**
```bash
wfuzz -c -w methods.txt -p 127.0.0.1:8080:HTTP --sc 200 -X FUZZ "http://example.com/index.php"
```
#### **Satır içi liste kullanma**
```bash
$ wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://testphp.vulnweb.com/
```
### Dizin ve Dosya Bruteforce
```bash
#Filter by whitelisting codes
wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --sc 200,202,204,301,302,307,403 http://example.com/uploads/FUZZ
```
## Webleri Aşmak için Araç
[https://github.com/carlospolop/fuzzhttpbypass](https://github.com/carlospolop/fuzzhttpbypass)
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink