Fuzzing: ffuf Tool

Install ffuf

$ sudo apt install ffuf

Install Latest Version

Simple ffuf Scan

SecLists

Recursion

Do not add "/" after the FUZZ keyword.

Extension Checks

Custom Fuzzing Words

W1 could be set to anything of your choosing.

Silent Mode and Tee for Output

Silent Mode

Output Results

HTML Output

Supported formats include json, ejson, html, md, csv, and ecsv.

Filters and Matches
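As an added illustration (not code from the original guide or from the ffuf project), here is a small Python post-processor for a json report that applies the same match/filter semantics as ffuf's -mc/-fc/-fs/-fw/-fl flags and a simplified baseline filter in the spirit of auto-calibration. The sample report is constructed; its field names are recalled from ffuf's JSON writer and the host target.example is a placeholder, so treat both as assumptions.

```python
import json
from collections import Counter

# Constructed sample shaped like ffuf's "-of json" output (field names recalled
# from the tool's JSON writer, so treat them as an assumption; target.example
# is a placeholder host).
SAMPLE_JSON = json.dumps({
    "commandline": "ffuf -w words.txt -u http://target.example/FUZZ -of json",
    "results": [
        {"input": {"FUZZ": "admin"},  "status": 200, "length": 1532, "words": 210, "lines": 40},
        {"input": {"FUZZ": "backup"}, "status": 403, "length": 277,  "words": 20,  "lines": 10},
        {"input": {"FUZZ": "zzz1"},   "status": 200, "length": 4096, "words": 500, "lines": 90},
        {"input": {"FUZZ": "zzz2"},   "status": 200, "length": 4096, "words": 500, "lines": 90},
        {"input": {"FUZZ": "zzz3"},   "status": 200, "length": 4096, "words": 500, "lines": 90},
        {"input": {"FUZZ": "login"},  "status": 302, "length": 0,    "words": 1,   "lines": 1},
    ],
})

def load_results(text):
    """Return the result entries from an ffuf JSON report."""
    return json.loads(text)["results"]

def apply_filters(results, mc=None, fc=(), fs=(), fw=(), fl=()):
    """Client-side version of ffuf's flags: a result must satisfy the status matcher
    (-mc, None = match all) and must not trip -fc (status), -fs (size), -fw, -fl."""
    kept = []
    for r in results:
        if mc is not None and r["status"] not in mc:
            continue
        if r["status"] in fc or r["length"] in fs or r["words"] in fw or r["lines"] in fl:
            continue
        kept.append(r)
    return kept

def calibrate(results):
    """Simplified analogue of -ac: the most common (status, length, words) signature
    is treated as the catch-all baseline and dropped so a wildcard page does not flood output."""
    if not results:
        return results
    sig = lambda r: (r["status"], r["length"], r["words"])
    baseline, count = Counter(sig(r) for r in results).most_common(1)[0]
    return results if count < 2 else [r for r in results if sig(r) != baseline]

def hits(text, **filters):
    """FUZZ values that survive both the filters and the baseline calibration."""
    return [r["input"]["FUZZ"] for r in calibrate(apply_filters(load_results(text), **filters))]

if __name__ == "__main__":
    print(hits(SAMPLE_JSON, mc={200, 302, 403}))            # ['admin', 'backup', 'login']
    print(hits(SAMPLE_JSON, mc={200, 302, 403}, fc={403}))  # ['admin', 'login']
```

Point it at a real report with `hits(open("out.json").read(), ...)`; the three identical zzz entries show why size or calibration filtering matters when a site answers every path with the same page.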

Authentication: Cookies

Authentication: Headers

Setting custom headers to identify yourself can also be a requirement on some pentest engagements or bug bounty programs.

Authentication via Burp Suite

This can be bound to any available port and consumed by any tool, not just FFUF.

Burp Suite Macros and Burp Suite Extension support is a major strength of tunneling a request in this manner.

Multiple Fuzzing Locations

Importing Requests

Save the request from Burp Suite

  • Right click on the request -> Save item

vim /tmp/request

Add GET /FUZZ to the request file.

No need to set -u or a URL.

Wordlist Modes

To use pitchfork mode, simply use the flag "-mode pitchfork".

Stop on Spurious Errors

Queue Wide Rate Limiting

Automatic Calibration Mode

Replay Proxy (Local)

Replay Proxy (Remote)


END
