Hey Folks, as we all know about fuzzing how important it is during bug hunting and CTF challenges but fuzzing is always the first step used to get some sensitive information like: password files, directory, vulnerable location etc. Sometimes we take help of other tool and they take more time to fuzzing against web applications and even we should have our own word list and it can time taking to do all this, hecne this tool is really amazing which will perform deep fuzzing against the web application without giving any custom word list and also in this have some unique features such as : recursive, juicy info, js-info etc from which we can enhance our results.
Lets take tool 🙂 !!
Installation
Lets install this tool and first of all we will use git tool which will download it from github and after complete the downloading we go to the directory. We should have require dependencies on which we can start this tool, we will configure it by executing the pipe command.
1 2 3 | git clone https://github.com/D4Vinci/CWFF.git cd CWFF/ python3 -m pip install -r requirements.txt |
We have done the all installation and now from the given help command we can see the features of this tool.
1 | python3 cwff.py --help |
Recursive Info
In our first attempt we will try to get more information through adding the recursive feature of this tool and as you can see we have not added any wordlists below. Lets move on results.
1 | python3 cwff.py --recursive http://testphp.vulnweb.com/ |
After the process is complete, the result will be saved in the directory which we gave the URL. We go to the results directory.
1 | cd configured |
Nice 🙂 !! here you can see that the it give us the useful parameter which are available on web application and which can be vulnerable.
Juicy Files
With this feature we can get some juicy stuff from the endpoint and we have to execute the below command.
1 | python3 cwff.py --juicy-files http://testphp.vulnweb.com/ |
Complete Domain
The deep scan is here in which we can get almost all the hidden file, directory and location from web application. Just we will give the URL of the web application and it will get all the details and save it in the directory.
1 | python3 cwff.py http://testphp.vulnweb.com/ |
Nice 🙂 !! We got success and you can see that there are a lot of useful files and location on which we can go one by one and get the details.
Similarly, it has some other features that you can use yourself and get more details.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.