ffuf


ffuf (Fuzz Faster U Fool) is a web fuzzer for finding hidden directories, files, and resources on web applications. It’s commonly used by penetration testers to identify endpoints that may not be publicly accessible or documented.

Common ffuf Options

  • Target URL (-u): The URL to be fuzzed. You can use FUZZ as a placeholder for the fuzzing position.
  • Wordlist (-w): A file containing the words to be used in the fuzzing process.
  • Match Mode (-mc): Show only responses with the given HTTP status codes. Response size and word count have their own matchers (-ms and -mw).
  • Filter By (-fc): Filter out responses with the given HTTP status codes. Response size and word count have their own filters (-fs and -fw).

Additional Options

  • -recursion: Enables recursive fuzzing to explore discovered directories.
  • -v: Enables verbose output to display more information during the fuzzing process.

Examples of ffuf Commands

  1. Basic directory fuzzing on example.com using a wordlist:
    > ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt
  2. Fuzz directories and filter out 404 status codes:
    > ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -fc 404
  3. Fuzz for valid responses based on a 200 status code:
    > ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -mc 200
  4. Enable recursion to fuzz subdirectories of any discovered directories:
    > ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -recursion
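
The commands above produce a recognisable pattern in the target's access log: one client requesting many distinct paths, most of which return 404. The following is an added example (not part of the original page or of the ffuf project) that flags that pattern in "combined"-format logs. The thresholds, the helper names, and the sample log lines (including the version in the User-Agent) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(  # Apache/nginx "combined" access-log format
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_enumeration(log_text, min_paths=5, min_404_ratio=0.8):
    """Return {ip: stats} for clients whose requests look like wordlist fuzzing."""
    paths, agents = defaultdict(set), defaultdict(set)
    total, misses = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ip = m["ip"]
        total[ip] += 1
        paths[ip].add(m["path"])
        agents[ip].add(m["ua"])
        misses[ip] += m["status"] == "404"
    flagged = {}
    for ip, n in total.items():
        ratio = misses[ip] / n
        # Behavioural signal: many distinct paths, most of them not found.
        if len(paths[ip]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {
                "requests": n,
                "distinct_paths": len(paths[ip]),
                "ratio_404": round(ratio, 2),
                # Secondary signal only: the header is trivially changed.
                "ffuf_user_agent": any("Fuzz Faster U Fool" in ua for ua in agents[ip]),
            }
    return flagged

def _line(ip, path, status, ua):  # builds one constructed log line
    return (f'{ip} - - [10/Mar/2025:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 153 "-" "{ua}"')

WORDS = ("admin", "backup", "login", ".git", "old", "config")
SAMPLE_LOG = "\n".join(  # constructed sample traffic, not real data
    [_line("203.0.113.7", f"/{w}", 200 if w == "login" else 404,
           "Fuzz Faster U Fool v2.1.0") for w in WORDS]
    + [_line("192.0.2.44", f"/{w}", 404, "Mozilla/5.0") for w in WORDS]
    + [_line("198.51.100.20", p, 200, "Mozilla/5.0")
       for p in ("/", "/index.html", "/style.css")])

if __name__ == "__main__":
    for ip, stats in detect_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```

The second flagged client uses a browser User-Agent, which is why the check keys on request behaviour and treats the header only as a supporting signal.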