FFUF

Basic Usage

$ ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ

Recursive Scan

$ ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v

Subdomain Fuzzing

$ ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.hackthebox.eu/

VHost Fuzzing

$ ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:PORT/ -H 'Host: FUZZ.academy.htb'

Parameter Fuzzing

Get Method

$ ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx

Post Method

$ ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx

Value Fuzzing

$ ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx

Creating an integer wordlist

$ for i in $(seq 1 1000); do echo $i >> ids.txt; done
$ seq 1 1000 > ids.txt

Flags

-t 200 for number of threads

-recursion for recursive request

-recursion-depth 3 for the depth

-e .php for specifying extension in recursion

-v for outputing the full url when doing recursion

-fs 100 for filtering size

-fc 200 for filtering [status] code

-ac for auto calibration

-mr "You don't have access" for match request

PreviousSocksOverRDPNextSQLMap

Last updated