09 April 2008 | 19,009 views

Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications

Cybertroopers storming your ship?

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources that are not publically linked such as directories & files, it can bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), it can also bruteforce forms parameters (User/Password) and carry out general Fuzzing,etc.


  • Recursion (When doing directory bruteforce)
  • Post, headers and authentication data bruteforcing
  • Output to HTML (easy for just clicking the links and checking the page, even with postdata!!)
  • Colored output on all systems
  • Hide results by return code, word numbers, line numbers, etc.
  • Many Encodings (random_upper, urlencode, sHA1, bin_ascii, base64, double_nibble_hex, uri_hex, md5, double_urlencode etc)
  • Cookies fuzzing
  • Multi-threading
  • Proxy support
  • Multiple FUZZ capability with multiple dictionaries
  • Authentication support (NTLM, Digest, Basic)
  • All parameter bruteforcing (POST and GET)
  • Dictionaries tailored for known applications (Weblogic, Iplanet, Tomcat, Domino, Oracle 9i, Vignette, Coldfusion and many more)

The tool is based on dictionaries and ranges, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ.

You can download wfuzz v1.4 here:

Wfuzz 1.4 – Source (20/01/2008)
Wfuzz 1.4b – Windows binary (17/02/2008)

Or read more here.


Recent in Hacking Tools:
- RWMC – Retrieve Windows Credentials With PowerShell
- MITMf – Man-In-The-Middle Attack Framework
- LaZagne – Password Recovery Tool For Windows & Linux

Related Posts:
- Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications
- GoLISMERO – Web Application Mapping Tool
- Keep on Fuzzing! Advice

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,955,110 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,335,477 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 666,203 views

Low-cost VPS Hosting

3 Responses to “Wfuzz v1.4 Released for Download – Bruteforcing & Fuzzing Web Applications”

  1. zupakomputer 9 April 2008 at 6:12 pm Permalink

    Someone should just release a Masked Ball edition of all known fuzzwear and call it after Fuzzy Duck.

  2. zupakomputer 9 April 2008 at 6:39 pm Permalink

    And scrty dtr, what about that?


  3. fever 9 April 2008 at 8:12 pm Permalink

    sounds like an app to take a look into. could have possibilities. hope to see more.