WebFuzzForge / wenum

Wfuzz fork
GNU General Public License v2.0
19 stars 6 forks source link

Remove "-z" option, wordlist being the only option remaining #24

Closed percepo closed 1 year ago

percepo commented 1 year ago

As of right now, the "-z" option is still offered. This comes from the fact that wfuzz is able to use different kinds of mechanisms to load a set of payloads to fuzz with. While that is neat, we believe that any such form can - without the help of the enumeration tool - quickly be scripted before executing the tool, ready the wordlist, and use the "-w" option. We believe removing this feature will declutter the set of options, remove complexity in the source code, and leave us with less features to maintain which we do not see important to wenums toolset regardless.

percepo commented 1 year ago

This also includes --slice, --field, --efield, --zP, --zE, and potentially --zE and --prefilter. --slice goes because it again manipulates the wordlist without any runtime relevance, which is considered out of scope. --field and --efield manipulate the displayed output only, which seems too niche to keep in. --zE might stay to allow for using the wordlist for every FUZnZ, and --prefilter might be relevant to filter out some payloads that are dynamically queued (due to plugins). Regardless, depending on how much they stand in the way of a clean architecture, they may be deemed too unimportant to keep.