Wfuzz is a Python-based web application fuzzer that uses the replacive technique to replace the FUZZ keyword in the command with the fuzz vectors given to the fuzzer. This fuzzer can perform complex web security attacks in different web application components, such as parameters, authentication, forms, directories/files, and headers. Wfuzz is also equipped with a variety of modules, including iterators, encoders, payloads, printers, and scripts. Depending upon the web application, we can use these modules to perform successful fuzz testing:
- We can install the Wfuzz tool by cloning the GitHub repository, as we can see in the following screenshot:
- Before running the tool, we need to install it by executing the python setup.py install command. This will install all the files on the system, as we can see in the following screenshot:
- To confirm whether the tool has been successfully installed or not, let's execute the wfuzz -h command:
Let's now install the second tool that we'll use in this chapter, Fuzz Faster U Fool (ffuf).