wfuzz is a URL fuzzer — basically the command-line version of the Burp Suite Intruder (but it’s much faster, which is what one would generally expect from a command-line tool).
-c— Use color-z— Specify the wordlist that will replace FUZZ in the request
Basically, the word “FUZZ” in the URL will be replaced by elements of the wordlist specified by -z. Multiple slots can be specified using “FUZ2Z”, “FUZ3Z”, etc.
wfuzz -z file,rockyou.txt \
https://example.com/FUZZ/img/secret.webpUse wfuzz --help for a full list of options. The --hc 404 option is particularly useful for hiding pages that return a 404.