webef is a web bruteforcer. It is designed to find directories or files in a web server using a wordlist brute force. It supports multithreading, Post data bruteforcing, headers adding, HTTP 1.1 requests, HTTPS, client certificate file, Proxy, url and querystring encoding. It is possible to hide results, depending on their HTTP response code or response size. Two wordlist files are allowed. A module is available in order to detect sql injection in headers, based on delay response.

webef 0.5 was compiled and more or less successfully tested under the following operating systems:

Debian lenny/sid on amd64, kernel 2.6.32 Debian lenny/sid on x86 Fedora 14 Ubuntu 10.04

Get the tarball and extract it:

tar xvfz webef.tgz

cd webef/

make

For compiling webef, gcc is recommended. If you want to use webef in HTTPS, you will need to have the OpenSSL library.

webef build a HTTP request to a server and replace the FUZZ and FUZ2Z words by every word contained in the wordlist files given.

simplest example : webef -f wordlist http://host/FUZZ

with another TCP port : webef -f wordlist http://host:8080/FUZZ

with https : webef -f wordlist https://host/FUZZ

with https and client certificate with private key : webef -f wordlist -c SSL_cert.crt -k SSL_key.key https://host/FUZZ

with another wordlist file (extension fuzzing as an example) : webef -f wordlist1,wordlist2 http://host/FUZZ.FUZ2Z

Change the number of thread (10 by default) webef -f wordlist -t 5 http://host/FUZZ

Add a waiting time between two requests (2 seconds) : webef -f wordlist -s 2 http://host/FUZZ

Agressive mode uses HTTP 1.1 and persistent connections. It is more efficient with HTTPS (less handshake phases) and faster : webef -f wordlist -A http://host/FUZZ

Agressive mode can be used with the HEAD method to improve performance. webef -f wordlist -m HEAD -A http://host/FUZZ

Post data bruteforcing : webef -f wordlist -P "data=FUZZ&content=1&id=FUZ2Z" http://host/url

Use proxy : webef -f wordlist -p "192.168.1.1:3128" http://host/FUZZ

Use url encoding for FUZZ words : webef -f wordlist -E 1 http://host/FUZZ

Adding headers : webef -f wordlist -H "User-agent=blah" http://host/FUZZ

Hide response following HTTP return code : webef -f wordlist -e 404 http://host/FUZZ

Hide response following HTTP redirect : webef -f wordlist -R "http://host/redirect.html" http://host/FUZZ

Basic authentifcation bruteforcing : webef -f user.txt -f pass.txt -B "user=FUZZ&pass=FUZ2Z" -e 401 http://host/url

Detect Sql injection in headers (a delay for response up to 5s is suspicious): webef -f wordlist/injections.txt -i http://host/page.php

Debug : -d option