Working with CWFF Tool on Kali Linux OS

Example 1: Recursive Info

python3 cwff.py --recursive http://testphp.vulnweb.com/

1. In this Example, We will try to get more information by adding the recursive feature of this tool, and as you can see we have not added any word lists below.

2. In the below Screenshot, We have got 2 unique files that contain endpoints and a parameter list.

3. In the below Screenshot, We have displayed the endpoints file.

4. In the below Screenshot, We have the list of unique parameters which are linked with the target domain.

Example 2: Juicy Files

python3 cwff.py --juicy-files http://testphp.vulnweb.com/

1. In this example, We will try to get some juicy stuff from the endpoint. We have used –juicy-files tag for usage.

2. In the below Screenshot, We have got the results of our scan.

Example 3: Complete Domain

python3 cwff.py http://testphp.vulnweb.com/

1. In this example, We will be performing a deep scan on our target domain. This will discover some extra endpoints and parameters which were missed in Examples 1 and 2.

2. In the below Screenshot, The complete domain scan is successfully executed and results are saved in dedicated files.

3. In the below Screenshot, We are displaying the file which contains the unique 662 endpoints.

4. In the below Screenshot, We are displaying the unique 12 parameters consisting file.

The fuzzing process is an important process while doing penetration testing, Bug Bounty or even playing CTF challenges. Fuzzing is the very initial step for extracting sensitive data like password files, username files, directories, vulnerable locations, etc. We often make use of various tools for getting this information. We have to pass our custom word list for performing brute-forcing sometimes. But we have an amazing tool names CWFF which fuzzes the sensitive endpoints and parameters without providing any word list. CWFF tool is developed in the Python language and has many key features like recursive scanning, juicy info, js-info, and many more. CWFF tool is an open-source tool and free to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux