Ffuf

ffuf is a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.

General Usage

ffuf -u http://10.10.10.10/FUZZ -w raft-large-words.txt

Filters & Matchers

Ignore 403 & 404 status code from the response.

ffuf -u http://10.10.10.10/FUZZ -fc 404,403 -w raft-large-words.txt

Match with status code 200.

ffuf -u http://10.10.10.10/FUZZ -mc 200 -w raft-large-words.txt

Ignore responses with 38 lines.

ffuf -u http://10.10.10.10/FUZZ -fl 38 -w raft-large-words.txt

Match with responses that have 24 lines.

ffuf -u http://10.10.10.10/FUZZ -ml 24 -w raft-large-words.txt

Ignores responses that have a size of 500 characters.

ffuf -u http://10.10.10.10/FUZZ -fs 500 -w raft-large-words.txt

Match with responses that have a size of 33 characters.

ffuf -u http://10.10.10.10/FUZZ -ms 33 -w raft-large-words.txt

Ignore responses with 55 words.

ffuf -u http://10.10.10.10/FUZZ -fw 55 -w raft-large-words.txt

Match with responses that have 22 words.

ffuf -u http://10.10.10.10/FUZZ -mw 22 -w raft-large-words.txt

Ignores responses that contain the word "template".

ffuf -u http://10.10.10.10/FUZZ -fr "template" -w raft-large-words.txt

Match with responses that contain the word "password".

ffuf -u http://10.10.10.10/FUZZ -mr "password" -w raft-large-words.txt

Input

ffuf -request login.req -request-proto http -w raft-large-words.txt

Output

ffuf -u http://10.10.10.10/FUZZ -o ffuf.txt -w raft-large-words.txt

References

PreviousNmap NextFTP

Last updated 2 years ago