Ffuf
Summary
This wiki entry covers the tool ffuf (Fuzz Faster U Fool). It shows commands for the most useful use cases and can be used as a cheatsheet.
Overview
Ffuf is a web fuzzer written in Go. It is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different fuzzing use cases, and it supports recursive fuzzing.
Installation
If you are using Kali Linux, you can use ffuf straight away because it is pre-installed. If you are using another Linux distribution, you can install the tool with
$ sudo apt install ffuf
Cheatsheet
Useful flags
Match & Filter
- -mc : Match response codes
- -mr : Match regex pattern
- -ms : Match response size
- -fc : Filter response codes
- -fr : Filter regex pattern
- -fs : Filter response size
Input & Output
- -w : Wordlist
- -mode : Operation Mode (Clusterbomb, Pitchfork)
- -request : File with an HTTP request
- -o : Output file
- -of : Output file format
Directory Fuzzing
Courses
- Sichere Softwareentwicklung (IT-Security 22/23)