Wtfuzz is a pip-installable tool used for checking the existance of different types of web resources including webpages, files, api endpoints and more.
Requires Python 3.5+
pip install wtfuzz
wtfuzz http://your-url-here.com myList.txt
404 : http://your-url-here.com/.bash_history
404 : http://your-url-here.com/.bashrc
404 : http://your-url-here.com/.cache
404 : http://your-url-here.com/.config
404 : http://your-url-here.com/.cvs
200 : http://your-url-here.com/.git/HEAD
200 : http://your-url-here.com/index.php
200 : http://your-url-here.com/wp-admin.php
contents of query_params.csv:
a,b,c
1,2,3
4,5,6
wtfuzz http://your-url-here.com?a&b&c myList.txt -q query_params.csv
404 : http://your-url-here.com/.bash_history?a=1b=2c=3
404 : http://your-url-here.com/.bashrc?a=1b=2c=3
404 : http://your-url-here.com/.cache?a=1b=2c=3
404 : http://your-url-here.com/.config?a=1b=2c=3
404 : http://your-url-here.com/.cvs?a=1b=2c=3
200 : http://your-url-here.com/.git/HEAD?a=1b=2c=3
200 : http://your-url-here.com/index.php?a=1b=2c=3
200 : http://your-url-here.com/wp-admin.php?a=1b=2c=3
...
usage: wtfuzz [-h] [-w wait_time] [-n num_requests] [-t num_threads]
[-o output_file] [--only http_status]
root_url list_file
A CLI tool for finding web resources
positional arguments:
root_url the url you want to start the search from
list_file an optional list of resources to check
optional arguments:
-h, --help show this help message and exit
-w wait_time an optional time to wait between the number of requests
given by the -n flag. Note: this is per thread.
-n num_requests an optional number of requests to make before waiting
for the time specified by the -w flag. Note: this is per
thread.
-t num_threads an optional number of threads to use to send requests.
-o output_file an optional file to log output to.
-m http_method http method to use for requests
-c http_status color customize what color a given http status code will
display as. Note: this parameter can be specified
multiple times. Available Colors:
[red,green,yellow,blue,black,magenta,cyan,white]
-b http_body http body to use for requests
--only http_status only show requests that return http_status
Anyone is welcome to contribute, just head over to the issues page and find an issue you'd like to work on. Check out the discussion and if it seems cool for you to begin working on something, fork the repository, make your changes, and then make a pull request back into this master branch. When making your changes, make sure to add yourself to the AUTHORS file.
- Fork the repository
- Clone your fork:
git clone https://github.com/<your-user>/wtfuzz - Go to the project directory:
cd wtfuzz - Install the required packages:
pip3 install -r requirements.txt - Run the code:
python3 wtfuzz/wtfuzz.py http://your-url-here.com myList.txt