From Embedded Lab Vienna for IoT & Security


This wiki entry covers the tool ffuf (Fuzz Faster You Fool). It shows the most important flags and the commands for the most useful use cases, and it can be used as a cheatsheet.


Ffuf is a web fuzzer written in Go. It is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different fuzzing use cases and it supports recursive fuzzing.


If you are using Kali Linux, you can use ffuf straight away because it is pre-installed. If you are using another Linux distribution, you can install the tool with

 $ sudo apt install ffuf


Useful flags

Match & Filter

  • -mc : Match response codes
  • -mr : Match regex pattern
  • -ms : Match response size
  • -fc : Filter response codes
  • -fr : Filter regex pattern
  • -fs : Filter response size

Input & Output

  • -w : Wordlist and (optional) keyword after a colon, e.g. wordlist.txt:FUZZ
  • -mode : Operation mode (Clusterbomb, Pitchfork)
  • -request : File with an HTTP request
  • -o : Output file
  • -of : Output file format

Directory Fuzzing

Fuzz for directories

 ffuf -w wordlist.txt -u http://SERVER_IP:PORT/FUZZ

Page Fuzzing

Fuzz the file extensions

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ

Enumerate files with certain extensions

 ffuf -w lowercase.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -e .php,.html,.txt
  • -e: to specify the extensions

Fuzz filenames

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ.php

Subdomain Fuzzing

Fuzz for Subdomains

 ffuf -w wordlist.txt:FUZZ -u http://FUZZ.SERVER_IP:PORT/

Vhosts Fuzzing

Fuzz for VHosts

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H 'Host: FUZZ.SERVER_IP'
  • -H: to set an HTTP header field with its value

Parameter Fuzzing

Fuzz for parameter names in GET Requests

 ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx

Fuzz for parameter names in POST Requests

 ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
  • -X: to set the HTTP method
  • -d: to set the POST data
  • -H: to set an HTTP header field with its value

Recursive (Directory) Fuzzing

Fuzz for directories recursively

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v
  • -recursion: to enable recursive fuzzing
  • -recursion-depth: to set the recursion depth
  • -v: to output the full URL for a better overview
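
Seen from the web server, the directory, page and recursive fuzzing runs above show up as one client requesting many distinct paths that mostly return 404. The following Python script is an added example (not part of the original wiki entry or of ffuf) that flags such clients in an access log; the log lines are constructed, the function name and thresholds are hypothetical, and the default "Fuzz Faster U Fool" User-Agent is an assumption about ffuf's defaults that the page does not state.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined log format). The IPs are documentation
# ranges; the paths and the ffuf version string are made up for this example.
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.0.0"
203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET /admin HTTP/1.1" 301 169 "-" "Fuzz Faster U Fool v2.0.0"
198.51.100.4 - - [10/Jan/2023:11:30:00 +0000] "GET /old HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2023:11:30:00 +0000] "GET /test HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2023:11:30:00 +0000] "GET /dev HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2023:11:30:01 +0000] "GET /tmp HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2023:11:30:01 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2023:12:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2023:12:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def find_fuzzing_clients(log_text, min_paths=5, min_404_ratio=0.8):
    """Map client IP -> list of reasons its requests look like content discovery."""
    stats = defaultdict(lambda: {"total": 0, "404": 0, "paths": set(), "ffuf_ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        s = stats[m["ip"]]
        s["total"] += 1
        s["404"] += m["status"] == "404"
        s["paths"].add(m["path"])
        # Signal 1: assumed default ffuf User-Agent (a client can override it with -H).
        s["ffuf_ua"] |= "fuzz faster u fool" in m["ua"].lower()
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ffuf_ua"]:
            reasons.append("default ffuf User-Agent")
        # Signal 2: many distinct paths that mostly do not exist, whatever the User-Agent.
        if len(s["paths"]) >= min_paths and s["404"] / s["total"] >= min_404_ratio:
            reasons.append("many distinct paths, mostly 404")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(find_fuzzing_clients(SAMPLE_LOG))
```

The thresholds are illustrative and need tuning against normal traffic for the site in question.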


  • Secure Software Development (IT-Security 22/23)