Difference between revisions of "Ffuf"
Jump to navigation
Jump to search
Line 1: | Line 1: | ||
[[File:Ffuf_logo.png|thumb|Ffuf Logo | [[File:Ffuf_logo.png|thumb|Ffuf Logo]] | ||
== Summary == | == Summary == |
Revision as of 14:05, 3 January 2023
Summary
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.
Overview
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.
Installation
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with
$sudo apt install ffuf
Cheatsheet
Useful flags
Match & Filter
- -mc : Match response codes
- -mr : Match regex pattern
- -ms : Match reponse size
- -fc : Filter response codes
- -fr : Filter regex pattern
- -fs : Filter reponse size
Input & Output
- -w : Wordlist and (optional) Keyword after semicolon
- -mode : Operation Mode (Clusterbomb, Pitchfork)
- -request : File with a HTTP request
- -o : Output file
- -of : Output file format
Directory Fuzzing
Fuzz for directories
ffuf -w wordlist.txt -u http://SERVER_IP/:PORT/FUZZ
Page Fuzzing
Fuzz the file extensions
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ
Enumerate files with certain extensions
ffuf -w lowercase.txt:FUZZ u http://SERVER_IP:PORT/FUZZ -e .php,.html,.txt
- -e: specify the extensions
Fuzz filenames
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ.php
Subdomain Fuzzing
Fuzz for Subdomains
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/
Vhosts Fuzzing
Fuzz for VHosts
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H ‘Host: FUZZ.SERVER_IP
- -H: to determine HTTP Header field with value
Parameter Fuzzing
Fuzz for parameter names in GET Requests
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx
Fuzz for parameter names in POST Requests
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
- -X: to determine the HTTP Method
- -d: to determine POST data
- -H: To use HTTP Header field with value
Recursive (Directory) Fuzzing
Fuzz for directories recursively
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v
- -recursion: to enable recursive Fuzzing
- -recursion-depth: to determine the recursion depth
- -v: to output the full URL for a better overview
Courses
- Sichere Softwareentwicklung (IT-Security 22/23)