Guide to FFUF tool – Web Application Fuzzing

ffuf tool common use cases

FFUF tool is commonly used for the following purposes:

  • Discovering hidden files and directories: Fuzzing can be used to discover files and directories that are not linked from the web application’s user interface, but are still accessible through the web server. This can help identify potentially sensitive information that has been left accessible by mistake.
  • Testing for injection vulnerabilities: Injection vulnerabilities allow attackers to execute arbitrary code or commands on the server by injecting malicious input into the application. Fuzzing can help identify such vulnerabilities by sending a large number of random or malicious payloads and analyzing the application’s response.
  • Brute-forcing login pages: FFUF can be used to perform brute-force attacks on login pages, trying a large number of username and password combinations in an attempt to find valid credentials.
  • Testing the robustness of the application: Fuzzing can help identify areas of the application that may be prone to crashes or other failures when presented with invalid or unexpected input.
  • Identifying potential vulnerabilities: Fuzzing can help identify potential vulnerabilities in the application that can be exploited by attackers.

Install ffuf tool using go

git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build
apt install golang-go

Examples commands

CommandDescription
ffuf -w /SecLists/Discovery/Web-Content/directory-list-2.3-small.txt::FUZZ -u http://192.168.5.14/FUZZfuzzing for web directories
ffuf -w SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://example.com/en/indexFUZZExtension Fuzzing
ffuf -w /SecLists/Discovery/Web-Content/directory-list-2.3-small.txt::FUZZ -u http://192.168.5.14/blog/FUZZ.phpPage Fuzzing
ffuf -w /SecLists/Discovery/Web-Content/directory-list-2.3-small.txt::FUZZ -u http://192.168.5.14/blog/FUZZ -recursion -recursion-depth 1 -e .php -vRecursive Scanning
ffuf -w /SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.example.com/Sub-domain Fuzzing
ffuf -w /SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://example.com -H ‘Host: FUZZ.example.com’Vhost Fuzzing, specify a header for public and non public sub domain
ffuf -w SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://example.com/ -H 'Host: FUZZ.example.com' -fs 500check sub domain response size, for example filler out responds side equal to 500
ffuf -w /usr/share/seclists/Fuzzing/fuzz-Bo0oM.txt -u http://10.11.11.22/login.php?FUZZ=adminfuzz for parameters, replace the parameter name to fuzz .
ffuf -w /usr/share/seclists/Fuzzing/fuzz-Bo0oM.txt -u http://10.11.11.22/instructions.php?help=FUZZFuzzing for parameter values
ffuf -w parameters.txt -X POST -d “FUZZ=4” -u “https://example.com/search.php”use ffuf with POST to fuzz parameters

For non public sub domains, edit etc/hosts file with the main domain

sudo sh -c 'echo "20.101.66.149 livehack101.com" >> /etc/hosts'

Screenshots gallery

Like this article?

You may also enjoy these articles

SearchSploit: Guide to Exploit Database Search

Searchsploit is a command-line tool that allows users to search the Exploit Database, which is a repository of publicly disclosed vulnerabilities and exploitation techniques. It

Guide to sqlmap tool – sql injection

SQLmap is an powerful open source tool used by hackers to detect and exploit SQL
injection flaws. SQLmap automates the process of detecting and

Hydra

Hydra tool make password cracking to easy task, hydra can brute Force multiple protocols and services like ftp irc ldap2[s] ldap3 mongodb mssql mysql

Scroll to Top