09 April 2008 | 18,262 views

Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Check For Vulnerabilities with Acunetix

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources that are not publically linked such as directories & files, it can bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), it can also bruteforce forms parameters (User/Password) and carry out general Fuzzing,etc.


  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • Many Encodings (random_upper, urlencode, sHA1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode etc)
  • Cookies fuzzing
  • Multi-threading
  • Proxy support
  • Multiple FUZZ capability with multiple dictionaries
  • Authentication support (NTLM, Digest, Basic)
  • All parameter bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.

You can download wfuzz v1.4 here:

Wfuzz 1.4 – Source (20/01/2008)
Wfuzz 1.4b – Windows binary (17/02/2008)

Or read more here.


Recent in Hacking Tools:
- american fuzzy lop – Security Oriented Fuzzing Tool
- KeeFarce – Extract KeePass Passwords (2.x) From Database
- 0d1n – Web HTTP Fuzzing Tool

Related Posts:
- Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications
- GoLISMERO – Web Application Mapping Tool
- Keep on Fuzzing! Advice

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,940,748 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,278,997 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 659,397 views

Low-cost VPS Hosting

3 Responses to “Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications”

  1. zupakomputer 9 April 2008 at 6:12 pm Permalink

    Someone should just release a Masked Ball edition of all known fuzzwear and call it after Fuzzy Duck.

  2. zupakomputer 9 April 2008 at 6:39 pm Permalink

    And scrty dtr, what about that?


  3. fever 9 April 2008 at 8:12 pm Permalink

    sounds like an app to take a look into. could have possibilities. hope to see more.