ffuf - Fuzz Faster U Fool
ffuf - Fuzz Faster U Fool
ffuf tool which use to do fuzzing/brute force attacks
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Usage: ffuf [flags]
Flags:
-w Wordlist file path
-u Target URL
-H Custom header (can be used multiple times)
-X HTTP method (default: GET)
-r Follow redirects
-t Number of concurrent threads (default: 40)
-p Proxy URL
-c Custom match string (can be used multiple times)
-exclude-dirs Comma-separated list of directories to exclude
-mc Maximum number of matches to output
-v Verbose output
Examples:
- Basic usage:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ
- Add custom header:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -H "Authorization: Bearer <token>"
- Use POST method:
1
ffuf -w wordlist.txt -u http://example.com/api -X POST -d "param1=value1¶m2=value2"
- Finding subdomain:
1
ffuf -u https://FUZZ.example.com -w wordlist.txt -mc 200,301,302,403
- Follow redirects:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -r
- Use a proxy:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -p http://127.0.0.1:8080
- Exclude directories:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -exclude-dirs "admin,backup,test"
- Use custom match string:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -c "Password incorrect"
- Number of threads:
1
ffuf -w wordlist.txt -u http://example.com/FUZZ -t 50
Common List for SecLists
https://github.com/danielmiessler/SecLists
| List | Usage |
|---|---|
| SecLists/Discovery/Web-Content/directory-list-2.3-small.txt | Directory/Page Wordlist |
| SecLists/Discovery/Web-Content/web-extensions.txt | Extensions Wordlist |
| SecLists/Discovery/DNS/subdomains-top1million-5000.txt | Domain Wordlist |
| SecLists/Discovery/Web-Content/burp-parameter-names.txt | paramter Wordlist |
This post is licensed under CC BY 4.0 by the author.