2021-07-15 13:44:28 +01:00
|
|
|
# ffuf
|
|
|
|
|
|
|
|
|
|
> Subdomain and directory discovery tool.
|
|
|
|
|
> More information: <https://github.com/ffuf/ffuf>.
|
|
|
|
|
|
2021-09-16 04:32:13 +01:00
|
|
|
- Discover directories using a [w]ordlist on a target [u]rl with [c]olorized and [v]erbose output:
|
2021-07-15 13:44:28 +01:00
|
|
|
|
|
|
|
|
`ffuf -w {{path/to/wordlist}} -u {{https://target/FUZZ}} -c -v`
|
|
|
|
|
|
2022-05-04 18:12:15 +01:00
|
|
|
- Fuzz host-[H]eaders with a host file on a target website and [m]atch HTTP 200 [c]ode responses:
|
2021-07-15 13:44:28 +01:00
|
|
|
|
|
|
|
|
`ffuf -w {{hosts.txt}} -u {{https://example.org}} -H "{{Host: FUZZ}}" -mc {{200}}`
|
|
|
|
|
|
|
|
|
|
- Discover directories using a [w]ordlist on a target website with a max individual job time of 60 seconds and recursion discovery depth of 2 levels:
|
|
|
|
|
|
|
|
|
|
`ffuf -w {{path/to/wordlist}} -u {{https://target/FUZZ}} -maxtime-job {{60}} -recursion -recursion-depth {{2}}`
|
|
|
|
|
|
|
|
|
|
- Fuzz GET parameter on a target website and [f]ilter out message [s]ize response of 4242 bytes:
|
|
|
|
|
|
|
|
|
|
`ffuf -w {{path/to/param_names.txt}} -u {{https://target/script.php?FUZZ=test_value}} -fs {{4242}}`
|
|
|
|
|
|
|
|
|
|
- Fuzz POST method with POST [d]ata of password on a target website and [f]ilter out HTTP response [c]ode 401:
|
|
|
|
|
|
|
|
|
|
`ffuf -w {{path/to/postdata.txt}} -X {{POST}} -d "{{username=admin\&password=FUZZ}}" -u {{https://target/login.php}} -fc {{401}}`
|
|
|
|
|
|
2022-10-08 21:34:28 +01:00
|
|
|
- Discover subdomains using a subdomain list on a target website:
|
2021-07-15 13:44:28 +01:00
|
|
|
|
|
|
|
|
`ffuf -w {{subdomains.txt}} -u {{https://website.com}} -H "{{Host: FUZZ.website.com}}"`
|
