Audience

Anyone looking for a solution offering a security fuzzer tool and library for Python

About Wfuzz

Wfuzz provides a framework to automate web application security assessments and could help you secure your web applications by finding and exploiting web application vulnerabilities. You can also run Wfuzz from the official Docker image. Wfuzz is based on the simple concept that it replaces any reference to the fuzz keyword with the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing it to perform complex web security attacks in different web application components such as parameters, authentication, forms, directories/files, headers, etc. Wfuzz’s web application vulnerability scanner is supported by plugins. Wfuzz is a completely modular framework and makes it easy for even the newest Python developers to contribute. Building plugins is simple and takes little more than a few minutes.

Other Popular Alternatives & Related Software
API Fuzzer
API Fuzzer
API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
Learn more
Wapiti
Wapiti
Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
Learn more
Awesome Fuzzing
Awesome Fuzzing
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
Learn more
Qdrant
Qdrant
Qdrant is a vector similarity engine & vector database. It deploys as an API service providing search for the nearest high-dimensional vectors. With Qdrant, embeddings or neural network encoders can be turned into full-fledged applications for matching, searching, recommending, and much more! Provides the OpenAPI v3 specification to generate a client library in almost any programming language. Alternatively utilise ready-made client for Python or other programming languages with additional functionality. Implement a unique custom modification of the HNSW algorithm for Approximate Nearest Neighbor Search. Search with a State-of-the-Art speed and apply search filters without compromising on results. Support additional payload associated with vectors. Not only stores payload but also allows filter results based on payload values.
Learn more

Pricing

Starting Price:
Free
Free Version:
Free Version available.

Integrations

See Integrations

Ratings/Reviews

Overall 0.0 / 5
ease 0.0 / 5
features 0.0 / 5
design 0.0 / 5
support 0.0 / 5

This software hasn't been reviewed yet. Be the first to provide a review:

Review this Software

Company Information

Wfuzz
wfuzz.readthedocs.io

Videos and Screen Captures

Wfuzz Screenshot 1
Wfuzz Screenshot 1 Wfuzz Screenshot 2
Other Useful Business Software
Orchestrate Your AI Agents with Zenflow Icon
Orchestrate Your AI Agents with Zenflow

The multi-agent workflow engine for modern teams. Zenflow executes coding, testing, and verification with deep repo awareness

Zenflow orchestrates AI agents like a real engineering system. With parallel execution, spec-driven workflows, and deep multi-repo understanding, agents plan, implement, test, and verify end-to-end. Upgrade to AI workflows that work the way your team does.
Try free now

Product Details

Platforms Supported
Cloud
Windows
Mac
Training
Documentation
Support
Online

Wfuzz Frequently Asked Questions

Q: What kinds of users and organization types does Wfuzz work with?
Q: What languages does Wfuzz support in their product?
Q: What kind of support options does Wfuzz offer?
Q: What other applications or services does Wfuzz integrate with?
Q: What type of training does Wfuzz provide?
Q: How much does Wfuzz cost?

Wfuzz Product Features