FFUF
About
Fuzz Faster U Fool. A fast web fuzzer written in Go
Links
Daniel Miessler primer on ffuf
Installing
Download prebuilt binary from https://github.com/ffuf/ffuf/releases/latest
If GO Compiler is installed
go install github.com/ffuf/ffuf/v2@latestFrom source
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go buildUsage
ffuf -recursion -mc all -ac -c -e (X) -w WORDLISTffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w WORDLIST -u https://TARGET/FUZZ -fc 400,401,403,404,406,500,502 > OutFile.txtffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w WORDLIST -u https://TARGET/FUZZ -fc 400,403,404,500 > OutFile.txtffuf -recursion -mc all -ac -c -e (X) -w (wordlist)ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w /usr/share/seclists/Discovery/Web-Content/big.txt -u <https://domain.com/FUZZ> -fc 400,401,403,404,406,500,502 > file.txtPassword Guessing with POST request
ffuf -request ire-request.txt -request-proto http -mode clusterbomb -w Users.txt:FUZZUSER -w Wordlists/combined.txt:FUZZPASS -fc 301ffuf -request teashop.txt -request-proto http -mode clusterbomb -w pw.txt:FUZZPASS -w /usr/share/seclists/Usernames/top-usernames-shortlist.txt:FUZZUSERS -fs 3376Last updated