Wfuzz
Description
Wfuzz is a web application fuzzer used for subdomain enumeration, directory brute forcing, and parameter fuzzing. It can hide responses from its output by word count (--hw), line count (--hl), or status code (--hc).
Usage 1: Subdomain Enumeration
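Fuzz for subdomains using the Host header: every request goes to the same URL, and each wordlist entry is substituted for FUZZ in the Host header. Here --hw 290 hides responses that contain 290 words, and -f writes the results to the file sub-fighter.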
Command:
wfuzz -c -f sub-fighter -w /usr/share/wordlists/SecLists-master/Discovery/DNS/subdomains-top1million-5000.txt -u "http://cmess.thm/" -H "Host: FUZZ.cmess.thm" --hw 290
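Usage 2: Subdomain Enumeration with Line Filter
The same Host header fuzzing, but --hl 107 hides responses that contain 107 lines, and the results are written to subdomains.txt.
Command: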
wfuzz -c -f subdomains.txt -w /usr/share/wordlists/SecLists-master/Discovery/DNS/subdomains-top1million-5000.txt -u "http://cmess.thm/" -H "Host: FUZZ.cmess.thm" --hl 107
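What Host header fuzzing like the commands above looks like from the server side, as an added example that is not part of the original page: one client sends many distinct Host values in a short window, and most responses have the same size. The log format, the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format (not from the page):
#   <Host header> <client IP> [<time>] "<request>" <status> <bytes>
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} (?P<size>\d+)$'
)

def parse(line):
    """Return (ip, host, timestamp, size), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["host"].lower(), ts, int(m["size"])

def find_host_fuzzing(lines, window=timedelta(seconds=60), min_hosts=5):
    """Return {client_ip: (distinct_hosts, share_of_most_common_size)} for
    clients that sent at least min_hosts distinct Host values in one window."""
    by_ip = defaultdict(list)
    for ip, host, ts, size in filter(None, map(parse, lines)):
        by_ip[ip].append((host, ts, size))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[1])
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][1] - events[start][1] > window:
                start += 1
            span = events[start:end + 1]
            hosts = {h for h, _, _ in span}
            if len(hosts) >= min_hosts and len(hosts) > alerts.get(ip, (0, 0))[0]:
                # A high share of identical sizes means most guesses got the default page.
                top = Counter(s for _, _, s in span).most_common(1)[0][1]
                alerts[ip] = (len(hosts), round(top / len(span), 2))
    return alerts

# Constructed sample: one client cycling Host values, one ordinary visitor.
GUESSES = [("www", 3874), ("mail", 3874), ("dev", 934),
           ("admin", 3874), ("ftp", 3874), ("test", 3874)]
SAMPLE = [f'{h}.cmess.thm 10.10.14.7 [12/Mar/2024:10:00:0{i} +0000] "GET / HTTP/1.1" 200 {s}'
          for i, (h, s) in enumerate(GUESSES)]
SAMPLE += [f'cmess.thm 10.10.20.5 [12/Mar/2024:10:0{i}:00 +0000] "GET / HTTP/1.1" 200 3874'
           for i in range(3)]

if __name__ == "__main__":
    print(find_host_fuzzing(SAMPLE))
```

The one response whose size differs from the rest marks the virtual host that actually exists, which is the name to review for exposure.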