Fuzzing: ffuf Tool

Install ffuf

$ sudo apt install ffuf

$ ffuf -h

Install Latest Version

$ go install github.com/ffuf/ffuf@latest

$ ~/go/bin/ffuf -h

Simple ffuf Scan

$ ffuf -u https://codingo.io/FUZZ/ -w ./wordlist

tomnomnom - OverviewGitHub

Recursion

$ ffuf -u https://codingo.io/FUZZ -w ./wordlist.txt -recursion

Do not add "/" after FUZZ keyword.

Extension Checks

$ ffuf -u http://codingo.io/FUZZ -w ./wrodlist.txt -recursion -e .bak

Custom Fuzzing Words

$ ffuf -u http://codingo.io/W1 -w ./wordlist.txt:W1 -e .bak

W1 could be set to anything of your choosing.

Silent Mode and Tee for Output

Silent Mode

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -s

Output Results

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -s | tee ./outfile.txt

HTML Output

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -of html -o ./codingo

Supported formats include json, ejson, html, md, csv, and ecsv

Filters and Matches

$ ffuf -h

Authentication: Cookies

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -of html -o ./codingo -b "NAME1=VALUE1; NAME2=VALUE2"

Authentication: Headers

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -of html -o ./codingo -H "NAME1=VALUE1; NAME2=VALUE2"

Setting custom headers to identify yourself can also be a requirement on some pentest engagements, or bug bounty programs.

Authentication via Burp Suite

This can be bound to any available port, and can be consumend by any tool, not just FFUF

Burp Suite Macros and Burp Suite Extension support is a major strength of tunneling a request in this manner.

Multiple Fuzzing Locations

$ ffuf -u https://W2.io/W1 -w ./wordlist.txt:W1 -w ./domains.txt:W2

Importing Requests

Save the request from Burp Suite

Right click on the requst -> Save item

vim /tmp/request

add GET /FUZZ at the request file

$ ffuf -request /tmp/request -w ./wordlist.txt

No need set -u or a URL

Wordlist Modes

To use pitchfork mode, simply use the flag "-mode pitchfork"

Stop on Spurious Errors

Queue Wide Rate Limiting

Automatic Calibration Mode

Replay Proxy (Local)

$ ffuf -u https://codingo.io/FUZZ -w ./wordlist.txt --replay-proxy http://127.0.0.1:8080

Replay Proxy (Remote)

$ ffuf -u http://codingo.io/FUZZ -w ./wordlist.txt -replay-proxy http://127.0.0.1:8888

END

PreviousWeb App Pentesting Tools NextNosql Injection: NoSqlMap

Last updated 2 years ago

hashtagInstall ffuf

hashtagInstall Latest Version

hashtagSimple ffuf Scan

hashtagRecursion

hashtagExtension Checks

hashtagCustom Fuzzing Words

hashtagSilent Mode and Tee for Output

hashtagSilent Mode

hashtagOutput Results

hashtagHTML Output

hashtagFilters and Matches

hashtagAuthentication: Cookies

hashtagAuthentication: Headers

hashtagAuthentication via Burp Suite

hashtagMultiple Fuzzing Locations

hashtagImporting Requests

hashtagWordlist Modes

hashtagStop on Spurious Errors

hashtagQueue Wide Rate Limiting

hashtagAutomatic Calibration Mode

hashtagReplay Proxy (Local)

hashtagReplay Proxy (Remote)

hashtagEND