Basic Commands
ffuf -u <URL/FUZZ> -w <wordlist>
    Basic directory/file brute-forcing
ffuf -u <URL/FUZZ> -w <wordlist> -e <ext>
    Brute-force directories/files with specific extensions
ffuf -u http://FUZZ.example.com/ -w <wordlist>
    Brute-force subdomains
ffuf -u <URL>?FUZZ=value -w <wordlist>
    Brute-force parameters in a query string
ffuf -u <URL/FUZZ> -w <wordlist> -o <output>
    Save the scan output to a file
ffuf -w <wordlist> -u <URL/FUZZ> -X POST
    Use POST method for requests
Directory and File Enumeration
ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt
    Basic directory brute-force
ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -e .php,.html,.txt
    Brute-force files with specific extensions
ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -t <num>
    Set the number of threads (default is 40)
ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -recursion
    Recursive fuzzing of directories
ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -c
    Display colored output
Example Usage:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -t 50
-t : Specify the number of threads (in this example, 50).
Parameter and GET Request Fuzzing
ffuf -u http://example.com/index.php?FUZZ=value -w /path/to/wordlist.txt
    Brute-force parameter names in the URL
ffuf -u http://example.com/index.php?id=FUZZ -w /path/to/wordlist.txt
    Brute-force parameter values
Example Usage:
ffuf -u http://example.com/index.php?FUZZ=test -w /usr/share/wordlists/dirb/common.txt
Subdomain Enumeration
ffuf -u http://FUZZ.example.com/ -w /path/to/wordlist.txt
    Brute-force subdomains
ffuf -u http://FUZZ.example.com/ -w /path/to/wordlist.txt -t <num>
    Set the number of threads for subdomain brute-force
Example Usage:
ffuf -u http://FUZZ.example.com/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 100
Filter Results
FFuF allows filtering by status codes, size, and word count for more targeted fuzzing.
ffuf -u <URL/FUZZ> -w <wordlist> -fc <codes>
    Filter out responses by HTTP status code (e.g., 404, 500)
ffuf -u <URL/FUZZ> -w <wordlist> -fs <size>
    Filter out responses by size in bytes
ffuf -u <URL/FUZZ> -w <wordlist> -fw <words>
    Filter out responses by number of words
Example Usage:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -fc 404
-fc 404 : Filter out responses with a 404 status code.
Advanced Options
ffuf -u <URL/FUZZ> -w <wordlist> -H 'Header: value'
    Add custom HTTP headers
ffuf -u <URL/FUZZ> -w <wordlist> -X POST -d 'data'
    Send POST requests with a data payload
ffuf -u <URL/FUZZ> -w <wordlist> -p <seconds>
    Set delay between requests (in seconds; ffuf's delay flag is -p, which also accepts a range such as 0.1-2.0)
ffuf -u <URL/FUZZ> -w <wordlist> -mc <code>
    Match only specific HTTP status codes
Custom HTTP Header Example:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -H "Authorization: Bearer <token>"
POST Request Fuzzing Example:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -X POST -d "username=FUZZ&password=pass123"
Wordlists
Common Wordlists:
/usr/share/wordlists/dirb/common.txt
/usr/share/seclists/Discovery/Web-Content/common.txt
/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
Saving Output
You can save the results to a file for later review.
ffuf -u <URL/FUZZ> -w <wordlist> -o <output file> -of <format>
    Save output to a file (e.g., in JSON format)
Example Usage:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -o results.json -of json
-o : Output the results to a file.
-of json : Save the output in JSON format.
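The JSON report written with -o results.json -of json can be post-processed to pick the size filter described under Filter Results. The following Python script is an added example and not part of the original cheat sheet: it reads a constructed sample in the assumed shape of ffuf's JSON output, counts hits per status code, spots the response length shared by many hits (a catch-all page that -fs would remove), and rebuilds the command line with that filter.

```python
import json
from collections import Counter

# Constructed sample in the shape of ffuf's JSON report (-of json). The field
# names used below (commandline, results[].input.FUZZ, status, length, words)
# are assumed to match ffuf's output format.
SAMPLE_REPORT = json.dumps({
    "commandline": "ffuf -u http://example.com/FUZZ -w common.txt -o results.json -of json",
    "results": [
        {"input": {"FUZZ": "admin"}, "status": 301, "length": 169, "words": 9},
        {"input": {"FUZZ": "backup"}, "status": 200, "length": 512, "words": 40},
        {"input": {"FUZZ": "foo"}, "status": 200, "length": 1337, "words": 120},
        {"input": {"FUZZ": "bar"}, "status": 200, "length": 1337, "words": 120},
        {"input": {"FUZZ": "baz"}, "status": 200, "length": 1337, "words": 120},
        {"input": {"FUZZ": ".git"}, "status": 403, "length": 277, "words": 20},
    ],
})

def load_report(text):
    """Parse the file written by -o <file> -of json and sanity-check its shape."""
    report = json.loads(text)
    if not isinstance(report.get("results"), list):
        raise ValueError("not an ffuf JSON report: missing 'results' list")
    return report

def status_summary(results):
    """Count hits per HTTP status code, e.g. {200: 4, 301: 1, 403: 1}."""
    return dict(Counter(r["status"] for r in results))

def catch_all_length(results, min_hits=3):
    """Response length shared by at least min_hits hits (a soft-404 page), else None.

    That length is the value to pass to -fs on the next run.
    """
    if not results:
        return None
    length, hits = Counter(r["length"] for r in results).most_common(1)[0]
    return length if hits >= min_hits else None

def interesting_hits(results, noise_length=None):
    """FUZZ values whose response size differs from the catch-all size."""
    return [r["input"]["FUZZ"] for r in results if r["length"] != noise_length]

def suggest_rerun(report, min_hits=3):
    """Rebuild the original command line with a -fs filter for the catch-all size."""
    noise = catch_all_length(report["results"], min_hits)
    if noise is None:
        return report["commandline"]
    return f"{report['commandline']} -fs {noise}"
```

Run it against a real results.json by replacing SAMPLE_REPORT with the file contents; if the tool's output format differs from the assumed field names, load_report raises instead of silently returning an empty summary.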
Example Scans
Basic Directory Brute-force:
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
Subdomain Brute-force:
ffuf -u http://FUZZ.example.com/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
POST Request Parameter Fuzzing:
ffuf -u http://example.com/login.php -w /usr/share/wordlists/dirb/common.txt -X POST -d "username=FUZZ&password=123456"