
CWFF – High Quality Fuzzing Tool in Linux

Last Updated : 14 Sep, 2021

Fuzzing is an important part of penetration testing, bug bounty work, and even CTF challenges. It is one of the first steps in discovering sensitive data such as password files, username files, directories, and vulnerable locations. We often use various tools to gather this information, and sometimes we have to pass our own custom word list to them for brute-forcing. CWFF is a tool that fuzzes sensitive endpoints and parameters without requiring you to provide any word list. It is written in Python and has many key features such as recursive scanning, juicy info, js-info, and more. CWFF is open source and free to use.

Note: Make sure you have Python installed on your system, as this is a Python-based tool. To check the installation process, see: Python Installation Steps on Linux

Installation of CWFF Tool on Kali Linux OS

Step 1: Check whether the Python environment is set up by using the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are now on the Desktop. Create a new directory called CWFF using the following command. We will complete the installation of the CWFF tool in this directory.

mkdir CWFF 

Step 4: Now switch to the CWFF directory using the following command.

cd CWFF 

Step 5: Now you have to install the tool. You have to clone the tool from GitHub.

git clone https://github.com/D4Vinci/CWFF.git

Step 6: The tool has now been downloaded into the CWFF directory. List the contents of the directory using the command below.

ls

Step 7: You can see that a new directory named CWFF was created when the tool was cloned. Move into that directory using the command below:

cd CWFF 

Step 8: List the contents of the tool once again using the command below.

ls

Step 9: Install the packages required to run the tool using the following command.

sudo pip3 install -r requirements.txt

Step 10: The installation is now complete. Use the command below to view the tool's help index, which gives a better understanding of the tool.

python3 cwff.py --help

Working with CWFF Tool on Kali Linux OS

Example 1: Recursive Info

python3 cwff.py --recursive http://testphp.vulnweb.com/

1. In this example, we try to get more information by using the recursive feature of the tool. Note that the command above does not include any word list.

2. In the screenshot below, we have got 2 unique files that contain endpoints and a parameter list.

3. In the screenshot below, we have displayed the endpoints file.

4. In the screenshot below, we have the list of unique parameters that are linked with the target domain.

Example 2: Juicy Files

python3 cwff.py --juicy-files http://testphp.vulnweb.com/

1. In this example, we try to get some juicy files from the endpoint. We have used the --juicy-files flag for this.

2. In the screenshot below, we have got the results of our scan.

Example 3: Complete Domain

python3 cwff.py http://testphp.vulnweb.com/

1. In this example, we perform a deep scan on our target domain. This discovers some extra endpoints and parameters that were missed in Examples 1 and 2.

2. In the screenshot below, the complete domain scan has executed successfully and the results are saved in dedicated files.

3. In the screenshot below, we are displaying the file that contains the 662 unique endpoints.

4. In the screenshot below, we are displaying the file that contains the 12 unique parameters.
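The examples above each end with two result files: unique endpoints and unique parameters. The Python sketch below is an added illustration, not CWFF's code and not from the original article, of how such lists can be derived from a page's own links and forms, which is useful for inventorying what an application you own exposes. The host app.example, the sample HTML, and the names LinkCollector and inventory are all assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes and form field names from one HTML page."""
    def __init__(self):
        super().__init__()
        self.urls, self.fields = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name in ("href", "src", "action"):
                self.urls.append(value)
            elif name == "name" and tag in ("input", "select", "textarea"):
                self.fields.append(value)

def inventory(base_url, html):
    """Return (unique paths, unique parameter names) seen for base_url's host."""
    collector = LinkCollector()
    collector.feed(html)
    host = urlsplit(base_url).netloc
    paths, params = set(), set(collector.fields)
    for raw in collector.urls:
        parts = urlsplit(urljoin(base_url, raw))  # resolve relative links
        if parts.scheme not in ("http", "https") or parts.netloc != host:
            continue  # out of scope: other hosts, mailto:, javascript:, ...
        paths.add(parts.path or "/")
        # keep_blank_values so "sort=" still counts as a parameter name
        params.update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return sorted(paths), sorted(params)

# Constructed sample page; not real output from any site or from CWFF.
SAMPLE = """
<a href="/products.php?cat=1">one</a>
<a href="products.php?cat=2&amp;sort=">two</a>
<a href="https://example.org/away?x=1">off-site</a>
<a href="mailto:admin@example.com">mail</a>
<script src="/js/app.js"></script>
<form action="search.php?test=query">
  <input name="searchFor"><input type="submit">
</form>
"""

if __name__ == "__main__":
    endpoints, parameters = inventory("http://app.example/", SAMPLE)
    print("endpoints: ", endpoints)
    print("parameters:", parameters)
```

Duplicates collapse into one entry, and the off-site and mailto: links are dropped because they fall outside the chosen host.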


