ffuf
Fast web fuzzer for content discovery and parameter fuzzing
Methods | 12 commands
Tags: #fuzzing #bruteforce #discovery #enumeration
Installation
1. Install using Go
2. Download wordlists
3. Verify installation

# Using Go
go install github.com/ffuf/ffuf/v2@latest
# Download SecLists
git clone https://github.com/danielmiessler/SecLists.git
# Verify
ffuf -V

Basic Usage
Fuzz web endpoints for directories, files, and parameters. The FUZZ keyword marks where each wordlist entry is substituted.

# Directory bruteforce
ffuf -u https://example.com/FUZZ -w wordlist.txt
# File extension fuzzing
ffuf -u https://example.com/FUZZ -w files.txt -e .php,.html,.js
# Parameter fuzzing
ffuf -u "https://example.com/api?FUZZ=test" -w params.txt
# POST data fuzzing
ffuf -u https://example.com/login -X POST -d "user=admin&pass=FUZZ" -w passwords.txt
# Subdomain fuzzing
ffuf -u https://FUZZ.example.com -w subdomains.txt

Command Reference
1.  -u     Target URL with FUZZ keyword
2.  -w     Wordlist path
3.  -e     Extensions to append
4.  -X     HTTP method
5.  -d     POST data
6.  -H     HTTP header
7.  -mc    Match status codes
8.  -fc    Filter status codes
9.  -fs    Filter response size
10. -t     Number of threads
11. -rate  Requests per second
12. -o     Output file

When to Use
1. Content discovery
2. Finding hidden endpoints
3. Parameter bruteforcing
4. Virtual host discovery
5. API endpoint enumeration

Notes & Tips
1. Use -fc to filter unwanted responses
2. Calibrate with -ac for auto-calibration
3. Use SecLists for comprehensive wordlists
4. Rate limit to avoid detection

Common Errors & Solutions
Too many results
  Use -fc to filter status codes or -fs to filter sizes
Blocked by WAF
  Reduce rate with -rate flag, use -H for custom headers
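The commands above produce a burst of requests for many distinct paths, most of which answer 404; that shape is what a web server's access log shows on the receiving end. As an added example that is not part of this reference and not ffuf's own code, the following Python flags that pattern in combined-format access logs, using a constructed sample log; ffuf's default User-Agent prefix "Fuzz Faster U Fool" is used as a second signal, and the window, request-count and 404-ratio thresholds are assumed starting points, not tuned values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample (not real traffic): 203.0.113.7 walks a wordlist with ffuf's default UA.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /config HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /uploads HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
198.51.100.4 - - [10/Mar/2024:12:00:05 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:01:10 +0000] "GET /dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def parse(lines):
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # lines that do not match the format are skipped
            yield {**m.groupdict(), "ts": datetime.strptime(m["ts"], TS_FMT)}

def flag_fuzzing(lines, window_s=10, min_requests=5, min_404_ratio=0.6):
    # Returns {ip: [reasons]}; access logs are written in time order, so no sort is needed.
    by_ip = defaultdict(list)
    for rec in parse(lines):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        reasons = set()
        if any("Fuzz Faster U Fool" in r["ua"] for r in recs):
            reasons.add("ffuf-default-ua")
        start = 0  # sliding window: >= min_requests distinct paths, mostly 404, within window_s
        for end in range(len(recs)):
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            win = recs[start:end + 1]
            if len(win) >= min_requests and len({r["path"] for r in win}) == len(win):
                if sum(r["status"] == "404" for r in win) / len(win) >= min_404_ratio:
                    reasons.add("404-burst")
                    break
        if reasons:
            flagged[ip] = sorted(reasons)
    return flagged
```

The User-Agent check only catches runs that keep ffuf's default header (the -H flag above replaces it), so the 404-burst rule is the signal to keep even when the UA looks ordinary.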