Web Application Security Testing with Wfuzz - DenizHalil - Professional Cybersecurity Consulting and Penetration Testing


Write up for Advent of Cyber Day 4. Solved it using Ruby and Ronin. Got to use the brand new (and soon-to-be-released) ronin-web wordlist command, which is much more powerful than CeWL, to spider the website and generate the custom wordlists. Also got to bust out the async gem to write a quick and dirty concurrent bruteforcer, which was much faster than wfuzz!

⬇️​Spoilers below⬇️​

https://ronin-rb.dev/blog/2023/12/04/solving-advent-of-cyber-day-4-using-ronin.html
#ruby #ronin #asyncruby #adventofcyber2023 #ctfwriteup #cewl #wfuzz

Solving Advent of Cyber 2023 Day 4 using Ronin | Ronin

Also apparently wfuzz 3.1.0 has a bug where it's printing each payload that it's trying, but it accidentally clears the line afterwards with a \r character, instead of doing that before printing the next line. So I only see the text briefly appear then disappear. Pentesting tools are a joke.
#wfuzz

I am happy to report that my Ruby async+ronin-support script is faster than wfuzz. Still waiting for wfuzz to finish...
#adventofcyber2023 #ruby #ronin #wfuzz

Dafuz is with wfuzz using FUZ2Z as a special variable name? Did they typo FUZZ2 and decided to keep it that way? Why are pentesting tools so janky and why doesn't anyone seem to mind?
#wfuzz #pentesting

Attempting to test the CeWL wordlists with wfuzz to verify that the form can be bruteforced with their suggested options. And of course the copy of wfuzz I downloaded off GitHub won't work out of the box, complaining about some Python class name. Thank $deity for the fact that Fedora has a package of wfuzz.
#wfuzz

The problem with teaching a course on web application security is that the tools come and go so quickly. Tools that were current 2 years ago look like abandonware today. #w3af #wfuzz #xsser

One student suggested forking the projects and taking over responsibility. I credit the ambitious thinking, but I warned people to value their time. Which is probably why the projects were abandoned in the first place.