Hello everyone.
In today's article, we're learning about web pentesting with wfuzz.
👉 https://denizhalil.com/2023/11/10/web-application-security-testing-wfuzz/
#websecurity #wfuzz #cybersecurity #ethicalhacking #pentesting #webapplicationsecurity
Write up for Advent of Cyber Day 4. Solved it using Ruby and Ronin. Got to use the brand new (and soon-to-be-released) ronin-web wordlist command, which is much more powerful than CeWL, to spider the website and generate the custom wordlists. Also got to bust out the async gem to write a quick and dirty concurrent bruteforcer, which was much faster than wfuzz!
⬇️​Spoilers below⬇️​
https://ronin-rb.dev/blog/2023/12/04/solving-advent-of-cyber-day-4-using-ronin.html
#ruby #ronin #asyncruby #adventofcyber2023 #ctfwriteup #cewl #wfuzz
Also apparently wfuzz 3.1.0 has a bug where it's printing each payload that it's trying, but it accidentally clears the line afterwards with a \r character, instead of doing that before printing the next line. So I only see the text briefly appear then disappear. Pentesting tools are a joke.
#wfuzz
Dafuz is with wfuzz using FUZ2Z as a special variable name? Did they typo FUZZ2 and decided to keep it that way? Why are pentesting tools so janky and why doesn't anyone seem to mind?
#wfuzz #pentesting
The problem with teaching a course on web application security is that the tools come and go so quickly. Tools that were current 2 years ago look like abandonware today. #w3af #wfuzz #xsser
One student suggested forking the projects and taking over responsibility. I credit the ambitious thinking, but I warned people to value their time. Which is probably why the projects were abandoned in the first place.