Difference between revisions of "Ffuf"

From Embedded Lab Vienna for IoT & Security

Revision as of 13:58, 3 January 2023

Summary

This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.

Overview

Ffuf is a web fuzzer written in Go. It is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different fuzzing use-cases and it supports recursive fuzzing.

Installation

If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with

 $ sudo apt install ffuf

Cheatsheet

Useful flags

Match & Filter

  • -mc : Match response codes
  • -mr : Match regex pattern
  • -ms : Match response size
  • -fc : Filter response codes
  • -fr : Filter regex pattern
  • -fs : Filter response size

Input & Output

  • -w : Wordlist
  • -mode : Operation Mode (Clusterbomb, Pitchfork)
  • -request : File with an HTTP request
  • -o : Output file
  • -of : Output file format

Directory Fuzzing

Page Fuzzing

Subdomain Fuzzing

Vhosts Fuzzing

To find Vhosts.

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H 'Host: FUZZ.SERVER_IP'
  • -H: sets an HTTP header field and its value

Parameter Fuzzing

To find parameter names.

GET Requests

 ffuf -w parameter-wordlist.txt:FUZZ -u 'http://SERVER_IP:PORT/admin/admin.php?FUZZ=key' -fs xxx

POST Requests

 ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
  • -X: sets the HTTP method
  • -d: sets the POST data
  • -H: sets an HTTP header field and its value

Recursive (Directory) Fuzzing

To find directories recursively.

 ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v
  • -recursion: enables recursive fuzzing
  • -recursion-depth: sets the recursion depth
  • -v: outputs the full URL for a better overview
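
Seen from the web server, the recursive run above is a burst of requests for paths that mostly do not exist, with each word requested bare and again with `.php`. The following Python code is an added example, not part of the original wiki entry, that flags this pattern in an access log. The Combined Log Format, the thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_fuzzing_clients(lines, min_requests=20, min_404_ratio=0.8):
    """Return {ip: stats} for clients that look like wordlist fuzzing (assumed thresholds)."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "ffuf_ua": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])
        s["not_found"] += m["status"] == "404"
        # ffuf's default User-Agent; easily overridden with -H, so only a hint
        s["ffuf_ua"] |= "Fuzz Faster U Fool" in m["ua"]
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        # Many distinct paths, almost all missing: a wordlist, not a browser
        if len(s["paths"]) >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "ratio_404": round(ratio, 2), "ffuf_ua": s["ffuf_ua"]}
    return flagged

def sample_log():
    """Constructed sample: one fuzzing client (word and word.php), one normal client."""
    fmt = '{ip} - - [03/Jan/2023:13:58:00 +0000] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    words = "admin backup config login test old dev api tmp uploads private static".split()
    lines = []
    for w in words:
        for path in (f"/{w}", f"/{w}.php"):  # -e .php doubles each word
            st = 200 if path in ("/login.php", "/admin") else 404
            lines.append(fmt.format(ip="198.51.100.7", path=path, st=st,
                                    ua="Fuzz Faster U Fool v2.0.0"))
    for path in ("/", "/index.php", "/login.php", "/favicon.ico"):
        st = 404 if path == "/favicon.ico" else 200
        lines.append(fmt.format(ip="203.0.113.20", path=path, st=st, ua="Mozilla/5.0"))
    return lines

if __name__ == "__main__":
    for ip, info in find_fuzzing_clients(sample_log()).items():
        print(ip, info)
```

The 404 ratio and distinct-path count are what matter here; the User-Agent match is kept as a secondary field because a header set with -H replaces it.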

Courses

  • Sichere Softwareentwicklung (IT-Security 22/23)
