Difference between revisions of "Ffuf"
Jump to navigation
Jump to search
FBirnegger (talk | contribs) |
|||
| Line 8: | Line 8: | ||
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with | If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with | ||
$sudo apt install ffuf | $sudo apt install ffuf | ||
== Cheatsheet == | == Cheatsheet == | ||
=== Useful flags === | === Useful flags === | ||
==== Match & Filter ==== | |||
* '''-mc''' : Match response codes | |||
* '''-mr''' : Match regex pattern | |||
* '''-ms''' : Match reponse size | |||
* '''-fc''' : Filter response codes | |||
* '''-fr''' : Filter regex pattern | |||
* '''-fs''' : Filter reponse size | |||
==== Input & Output ==== | |||
* '''-w''' : Wordlist | |||
=== | * '''-mode''' : Operation Mode (Clusterbomb, Pitchfork) | ||
* '''-request''' : File with a HTTP request | |||
* '''-o''' : Output file | |||
* '''-of''' : Output file format | |||
== Courses == | == Courses == | ||
Revision as of 13:36, 3 January 2023
Summary
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.
Overview
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.
Installation
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with
$sudo apt install ffuf
Cheatsheet
Useful flags
Match & Filter
- -mc : Match response codes
- -mr : Match regex pattern
- -ms : Match reponse size
- -fc : Filter response codes
- -fr : Filter regex pattern
- -fs : Filter reponse size
Input & Output
- -w : Wordlist
- -mode : Operation Mode (Clusterbomb, Pitchfork)
- -request : File with a HTTP request
- -o : Output file
- -of : Output file format
Courses
- Sichere Softwareentwicklung (IT-Security 22/23)