From e33d47791da340660df00cfdc613b19017dce546 Mon Sep 17 00:00:00 2001
From: c0rvu5 <95601110+0xc0rvu5@users.noreply.github.com>
Date: Tue, 2 May 2023 20:21:38 -0500
Subject: [PATCH] wfuzz: add page (#9896)

---
 pages/common/wfuzz.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 pages/common/wfuzz.md

diff --git a/pages/common/wfuzz.md b/pages/common/wfuzz.md
new file mode 100644
index 000000000..90de31ab1
--- /dev/null
+++ b/pages/common/wfuzz.md
@@ -0,0 +1,20 @@
+# wfuzz
+
+> A web application bruteforcer.
+> More information: <https://wfuzz.readthedocs.io/en/latest/user/basicusage.html>.
+
+- Directory and file bruteforce using the specified wordlist and also proxying the traffic:
+
+`wfuzz -w {{path/to/file}} -p {{127.0.0.1:8080}} {{http://example.com/FUZZ}}`
+
+- Save the results to a file:
+
+`wfuzz -w {{path/to/file}} -f {{filename}} {{http://example.com/FUZZ}}`
+
+- Show colorized output while only showing the declared response codes in the output:
+
+`wfuzz -c -w {{path/to/file}} --sc {{200,301,302}} {{http://example.com/FUZZ}}`
+
+- Use a custom header to fuzz subdomains while hiding specific response codes and word counts. Increase the threads to 100 and include the target ip/domain:
+
+`wfuzz -w {{path/to/file}} -H {{"Host: FUZZ.example.com"}} --hc {{301}} --hw {{222}} -t {{100}} {{example.com}}`