
about
-----

webef is a web bruteforcer. It is designed to find directories or files on
a web server by brute force, using a wordlist.
It supports multithreading, POST data bruteforcing, additional headers,
HTTP/1.1 requests, HTTPS and client certificate files.
Results can be hidden depending on their HTTP response code or
response size.
Up to two wordlist files can be used.

platforms
---------

webef 0.3.1 was compiled and more or less successfully tested under the
following operating systems:

Debian lenny/sid on amd64, kernel 2.6.32
Debian lenny/sid on x86
Fedora 14
Ubuntu 10.04

install
-------

Get the tarball and extract it:
	tar xvfz webef.tgz
	cd webef/
	make

gcc is recommended for compiling webef.
If you want to use webef with HTTPS, you need the OpenSSL library.

How does it work?
-----------------

webef builds an HTTP request to a server and replaces the FUZZ and FUZ2Z
keywords with every word contained in the given wordlist files.


Examples
--------

Simplest example:
	webef -f wordlist http://host/FUZZ

With another TCP port:
	webef -f wordlist http://host:8080/FUZZ

With HTTPS:
	webef -f wordlist https://host/FUZZ

With HTTPS and a client certificate with its private key:
	webef -f wordlist -c SSL_cert.crt -k SSL_key.key https://host/FUZZ

With a second wordlist file (extension fuzzing as an example):
	webef -f wordlist1,wordlist2 http://host/FUZZ.FUZ2Z

Change the number of threads (10 by default):
	webef -f wordlist -t 5 http://host/FUZZ

Add a waiting time between two requests (2 seconds):
	webef -f wordlist -s 2 http://host/FUZZ

Aggressive mode uses HTTP/1.1 and persistent connections. It is faster, and
more efficient with HTTPS (fewer handshake phases):
	webef -f wordlist -A http://host/FUZZ

POST data bruteforcing:
	webef -f wordlist -P "data=FUZZ&content=1&id=FUZ2Z" http://host/url

Adding headers:
	webef -f wordlist -H "User-agent=blah" http://host/FUZZ

Basic authentication bruteforcing:
	webef -f user.txt,pass.txt -B "user=FUZZ&pass=FUZ2Z" -e 401 http://host/url
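
What the runs above look like from the server side, as an added example (not part of webef or its documentation): a Python check over access-log lines that flags a client producing many 404 misses on different paths, or many 401 responses, within a time window. It counts misses per window instead of requests per second, so a run slowed down with -s is still caught. The log format (Common Log Format), the threshold, the window and all sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: client, timestamp, method, path, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
KIND = {"404": "content-enumeration", "401": "auth-bruteforce"}

def detect(lines, window_min=10, threshold=5):
    """Return the set of (client, kind) pairs that reach `threshold` misses
    inside any `window_min`-minute window."""
    events = defaultdict(list)  # (client, kind) -> [(time, path)]
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(5) not in KIND:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        events[(m.group(1), KIND[m.group(5)])].append((ts, m.group(4)))
    window, flagged = timedelta(minutes=window_min), set()
    for (client, kind), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            # 404s: distinct paths (a wordlist produces many different names).
            # 401s: attempts (the URL stays fixed while credentials change).
            score = len({p for _, p in span}) if kind == KIND["404"] else len(span)
            if score >= threshold:
                flagged.add((client, kind))
                break
    return flagged

def sample_log():
    """Constructed lines, not real traffic; addresses are documentation ranges."""
    fmt = '{} - - [10/Oct/2011:13:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" {} 312'
    lines = [fmt.format("192.0.2.10", 0, 2 * i, "/" + w, 404)   # fast scan
             for i, w in enumerate(["admin", "backup", "test", "old", "tmp", "cgi-bin"])]
    lines += [fmt.format("198.51.100.7", i, 0, "/url", 401)      # one try per minute
              for i in range(6)]
    lines += [fmt.format("203.0.113.5", 1, 0, "/favicon.ico", 404),  # ordinary client
              fmt.format("203.0.113.5", 2, 0, "/index.html", 200)]
    return lines

if __name__ == "__main__":
    for client, kind in sorted(detect(sample_log())):
        print(client, kind)
```

A server that answers unknown paths with a redirect or a custom 200 page will not produce the 404 signal; the status codes in KIND then need to match what that server actually returns.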

contact
-------

For questions, bug reports, ideas, contributions etc. please contact
yves.le-provost@hsc.fr


