From 4b0482217159987d9af66d1d010776ffe5cb32e9 Mon Sep 17 00:00:00 2001
From: Fazle Arefin
Date: Tue, 2 Apr 2024 22:33:30 +1100
Subject: [PATCH] ffuf: edit page (#12592)

* ffuf: remove redundant linux specific page
* ffuf: edit page
---
 pages/common/ffuf.md | 10 +++++++++-
 pages/linux/ffuf.md | 28 ----------------------------
 2 files changed, 9 insertions(+), 29 deletions(-)
 delete mode 100644 pages/linux/ffuf.md

diff --git a/pages/common/ffuf.md b/pages/common/ffuf.md
index cc6f536f9..cd820fe74 100644
--- a/pages/common/ffuf.md
+++ b/pages/common/ffuf.md
@@ -8,7 +8,7 @@
 
 `ffuf -c -w {{path/to/wordlist.txt}} -u {{http://target/FUZZ}}`
 
-- Enumerate subdomains by changing the position of the keyword:
+- Enumerate webservers of subdomains by changing the position of the keyword:
 
 `ffuf -w {{path/to/subdomains.txt}} -u {{http://FUZZ.target.com}}`
 
@@ -23,3 +23,11 @@
 - Fuzz with specified HTTP method and [d]ata, while [f]iltering out comma separated status [c]odes:
 
 `ffuf -w {{path/to/postdata.txt}} -X {{POST}} -d "{{username=admin\&password=FUZZ}}" -u {{http://target/login.php}} -fc {{401,403}}`
+
+- Fuzz multiple positions with multiple wordlists using different modes:
+
+`ffuf -w {{path/to/keys:KEY}} -w {{path/to/values:VALUE}} -mode {{pitchfork|clusterbomb}} -u {{http://target.com/id?KEY=VALUE}}`
+
+- Proxy requests through a HTTP MITM pro[x]y (such as Burp Suite or `mitmproxy`):
+
+`ffuf -w {{path/to/wordlist}} -x {{http://127.0.0.1:8080}} -u {{http://target.com/FUZZ}}`
diff --git a/pages/linux/ffuf.md b/pages/linux/ffuf.md
deleted file mode 100644
index 8b38af239..000000000
--- a/pages/linux/ffuf.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# ffuf
-
-> Subdomain and directory discovery tool.
-> More information: .
-
-- Discover directories using a [w]ordlist on a target [u]rl with [c]olorized and [v]erbose output:
-
-`ffuf -w {{path/to/wordlist}} -u {{https://target/FUZZ}} -c -v`
-
-- Fuzz host-[H]eaders with a host file on a target website and [m]atch HTTP 200 [c]ode responses:
-
-`ffuf -w {{hosts.txt}} -u {{https://example.org}} -H "{{Host: FUZZ}}" -mc {{200}}`
-
-- Discover directories using a [w]ordlist on a target website with a max individual job time of 60 seconds and recursion discovery depth of 2 levels:
-
-`ffuf -w {{path/to/wordlist}} -u {{https://target/FUZZ}} -maxtime-job {{60}} -recursion -recursion-depth {{2}}`
-
-- Fuzz GET parameter on a target website and [f]ilter out message [s]ize response of 4242 bytes:
-
-`ffuf -w {{path/to/param_names.txt}} -u {{https://target/script.php?FUZZ=test_value}} -fs {{4242}}`
-
-- Fuzz POST method with POST [d]ata of password on a target website and [f]ilter out HTTP response [c]ode 401:
-
-`ffuf -w {{path/to/postdata.txt}} -X {{POST}} -d "{{username=admin\&password=FUZZ}}" -u {{https://target/login.php}} -fc {{401}}`
-
-- Discover subdomains using a subdomain list on a target website:
-
-`ffuf -w {{subdomains.txt}} -u {{https://website.com}} -H "{{Host: FUZZ.website.com}}"`