Fuzz Faster U Fool (FFUF)

FFUF FUZZER TOOL

FUZZ = Tells program where to fuzz

#-u = URL

-w = wordlist

We can fuzz parameters to check for SQLi, XSS, etc.

Example:

ffuf -u http://IP_ADDRESS/file.php?id=FUZZ

ffuf -u http://IP_ADDRESS/file.php?FUZZ=1'

--mc = Match code

--fc = Filter code

-c = color output

-fs NUM = File Size

Subdomain enumeration example:

ffuf -u http://example.com -c -w /path/to/wordlist.txt -H 'Host: FUZZ.example.com' -fs 0

-x PROXY:PORT = Sends all ffuf traffic through a web proxy (Burpsuite, network pivoting)

TIP: We can even use regex to search for files

Ffuf

Command

Description

ffuf -h

ffuf help

ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ

Directory Fuzzing

ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ

Extension Fuzzing

ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php

Page Fuzzing

ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v

Recursive Fuzzing

ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/

Sub-domain Fuzzing

ffuf -w wordlist.txt:FUZZ -u http://academy.htb:PORT/ -H 'Host: FUZZ.academy.htb' -fs xxx

VHost Fuzzing

ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx

Parameter Fuzzing - GET

ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx

Parameter Fuzzing - POST

ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx

Value Fuzzing

Wordlists

Command

Description

/opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt

Directory/Page Wordlist

/opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt

Extensions Wordlist

/opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

Domain Wordlist

/opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt

Parameters Wordlist

Misc

Command

Description

sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'

Add DNS entry

for i in $(seq 1 1000); do echo $i >> ids.txt; done

Create Sequence Wordlist

curl http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=key' -H 'Content-Type: application/x-www-form-urlencoded'

curl w/ POST

PreviousFeroxbuster, an improved directory fuzzer tool NextGOBUSTER (DIRBUSTER GUI VERSION)

Last updated 5 months ago

hashtagFFUF FUZZER TOOL

hashtagFUZZ = Tells program where to fuzz

hashtag#-u = URL

hashtagWe can fuzz parameters to check for SQLi, XSS, etc.

hashtagExample:

hashtagSubdomain enumeration example:

hashtagTIP: We can even use regex to search for files

hashtagFfuf

hashtagWordlists

hashtagMisc

FFUF FUZZER TOOL

FUZZ = Tells program where to fuzz

#-u = URL

We can fuzz parameters to check for SQLi, XSS, etc.

Example:

Subdomain enumeration example:

TIP: We can even use regex to search for files

Ffuf

Wordlists

Misc