scan vhost
wfuzz -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -H "Host: FUZZ.host.com" --hc 200 --hw 356 -t 100 10.10.10.101
wfuzz -c -w -d "password=FUZZ" -u "http://IP_ADDRESS" --hh 474 -t 42
-c Output text with colors nice feature.
-w wordlist
-d Post-Data request
-u url
--hh hide response chars length
-t threads
wfuzz -c -z file,/root/Documents/MrRobot/fsoc.dic — hs Invalid -d “log=FUZZ&pwd=aaaaa” http://192.168.240.129/wp-login.php
wfuzz -c -z file,/root/necromancer/thing.txt — hc 404 http://192.168.56.102/amagicbridgeappearsatthechasm/FUZZ
scan subdomain
wfuzz -c -z file,domains.txt -Z -t 100 --sc 200,301,302 -H 'X-HackerOne: emitrani' https://FUZZ/
Created
August 6, 2020 08:32
-
-
Save k3mlol/1a47903849d00323b27c20782da7c557 to your computer and use it in GitHub Desktop.
wfuzz domain
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment