Wfuzz

Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc.

Features

Wfuzz’s web application vulnerability scanner is supported by plugins
Wfuzz is a completely modular framework and makes it easy for even the newest of Python developers to contribute
Building plugins is simple and takes little more than a few minutes
Wfuzz exposes a simple language interface to the previous HTTP requests/responses performed using Wfuzz or other tools
Perform manual and semi-automatic tests with full context and understanding of your actions
Secure your web applications by finding and exploiting web application vulnerabilities

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow Wfuzz

Wfuzz Web Site

Other Useful Business Software

Ship Agents Faster

Transform your applications and workflows into powerful agentic systems at global scale.

Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.

Get Started Free

Rate This Project

User Reviews

Be the first to post a review of Wfuzz!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Python

Related Categories

Python Penetration Testing Tool

Registered

2023-08-02

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous...

See Software
Detectify

Detectify sets the standard for External Attack Surface Management (EASM), providing 99.7% accurate vulnerability assessments. ProdSec and AppSec teams trust Detectify to expose exactly how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous...

See Software
Quixxi

Quixxi is a leading provider of mobile app security solutions that empowers enterprises and security professionals to protect their mobile applications through its patented and proprietary three-pillar platform: SCAN, an automated vulnerability assessment tool (SAST/DAST/WebAPI) that...

See Software
Informer

Find your true attack surface with Informer's automated digital footprint detection and 24/7 monitoring. Access granular vulnerability data for your web applications and infrastructure, including expert remediation advice. Dashboards allow you to visualize and understand your evolving attack...

See Software