Wfuzz - The web application fuzzer.

In this video of Cyber Bytes, we discuss about a very interesting web application fuzzing tool called #wfuzz.
We will be discussing about the general concept of #fuzzing and then we will show the demonstration about the tool wfuzz. We will have a look at various options available with the tool that can help you in your course of web security assessments and #bugbounty programs. This tool can help you discover content, test for - http methods, authentication testing, hashing, directory browsing, #filefuzzing, creating reports, etc. There is a lot more this tool can do for you during your #pentest engagements . We have just shown you the most basic options along with some of the advanced options offered by the tool. Interesting options like - fuzzing directories, files, http methods, http authentication methods, url parameters, checking for injection vulnerabilities, using iterators, encoders, scripts & reporting have been demonstrated.

Download Links:
Wfuzz = https://github.com/xmendez/wfuzz
Metasploitable Linux VM = https://sourceforge.net/projects/meta...
Seattle sounds VM = https://www.vulnhub.com/entry/seattle...

Wfuzz Documentation - https://wfuzz.readthedocs.io/en/latest/

Please Like, Comment, Subscribe, Share the video and help our channel grow.

We want to provide quality cyber security contents to all and help spread #cybersecurity awareness and help create a community of cyber security enthusiasts.

Please do comment and provide your inputs on what you would like to see in the upcoming video and provide your feedback. It will really help us to create better quality content on cyber security and appsec

Want to learn #networksecurity auditing? check out our highest rated course on udemy.com at discounted rate.
Link - https://www.udemy.com/course/network-...

Connect with us:-
Our Website - https://evolutioninfosecure.in
Twitter -   / evolutionsec  

DISCLAIMER - The video is Only meant for Educational Purposes. Any or all the techniques for using the tool in this video teaches the viewers to find security vulnerabilities in their application. Cyber Bytes or Evolution Info Secure takes no responsibility of any of the misuse of the tool by anyone. We stand for a pure ethical use of security testing tools and such tools should never be used without the permission of the relevant authority of the web application.
#cyberbytes

Background Sound credits - https://www.bensound.com/

Video Timeline
00:00 - 00:40 - Channel & Topic Intro
00:41 - 03:05 - Intro to Fuzzing
03:06 - 05:22 - Fuzzing categories
05:23 - 07:57 - wfuzz introduction & its features
07:58 - 09:22 - Responsible use - Alert & Disclaimer
09:25 - 10:45 - Demo setup description
10:46 - 13:19 - Directory fuzzing
13:20 - 15:12 - File fuzzing
15:13 - 19:50 - Fuzzing HTTP Methods
19:52 - 22:29 - Fuzzing HTTP Basic authentication
22:30 - 25:05 - Fuzzing URL Parameters
25:06 - 28:23 - Fuzzing Post Requests
28:24 - 29:34 - Advanced Features - Iterators
29:34 - 32:18 - wfuzz zip iterator
32:21 - 33:15 - wfuzz chain iterator
33:16 - 34:33 - wfuzz product iterator
34:34 - 36:52 - wfuzz encoders
36:53 - 38:05 - wfuzz using single encoder
38:06 - 39:27 - wfuzz using multiple encoders
39:28 - 41:26 - piping multile encoders in wufzz
41:28 - 42:26 - calling encoders by category
42:24 - 44:25 - wfuzz scripts
44:26 - 47:26 - reporting with wfuzz
47:27 - 48:16 - Outro