Ffuf
Jump to navigation
Jump to search
Summary
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.
Overview
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.
Installation
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with
$sudo apt install ffuf
Cheatsheet
Useful flags
Match & Filter
- -mc : Match response codes
- -mr : Match regex pattern
- -ms : Match reponse size
- -fc : Filter response codes
- -fr : Filter regex pattern
- -fs : Filter reponse size
Input & Output
- -w : Wordlist and (optional) Keyword after semicolon
- -mode : Operation Mode (Clusterbomb, Pitchfork)
- -request : File with a HTTP request
- -o : Output file
- -of : Output file format
Directory Fuzzing
Fuzz for directories
ffuf -w wordlist.txt -u http://SERVER_IP/:PORT/FUZZ
Page Fuzzing
Fuzz the file extensions
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ
Enumerate files with certain extensions
ffuf -w lowercase.txt:FUZZ u http://SERVER_IP:PORT/FUZZ -e .php,.html,.txt
- -e: specify the extensions
Fuzz filenames
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ.php
Subdomain Fuzzing
Fuzz for Subdomains
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/
Vhosts Fuzzing
Fuzz for VHosts
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H ‘Host: FUZZ.SERVER_IP
- -H: to determine HTTP Header field with value
Parameter Fuzzing
Fuzz for parameter names in GET Requests
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx
Fuzz for parameter names in POST Requests
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
- -X: to determine the HTTP Method
- -d: to determine POST data
- -H: To use HTTP Header field with value
Recursive (Directory) Fuzzing
Fuzz for directories recursively
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v
- -recursion: to enable recursive Fuzzing
- -recursion-depth: to determine the recursion depth
- -v: to output the full URL for a better overview
Courses
- Sichere Softwareentwicklung (IT-Security 22/23)
References
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedFFUF