
FFUF Notes

This document provides examples of how to use the ffuf tool to fuzz websites and APIs. It demonstrates different parameters and flags for ffuf including adding delays, filtering responses, fuzzing multiple values or locations, recursing directories, importing requests, and fuzzing beyond authentication. The examples range from basic usage to more advanced techniques for bug hunting or penetration testing.

Uploaded by

David

# Default

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -recursion

How to use ffuf – Hacker Toolbox

# Replay Proxy (local)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080

# Basic Usage

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080

# Basic Usage With a Cookie

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;"

# Adding a delay (-p = seconds of delay between requests, -t = number of threads)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -p 1 -t 3

# Adding a delay (new method: cap requests per second)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -rate 100

# Fuzzing 2 values

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080

# Simple Filter (drop responses with exactly 1 word)

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -fw 1

# Simple Matcher (show only 302 responses)

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -mc 302

# Custom Filters (drop responses whose body matches a regex)

ffuf -w wordlist.txt:FUZZ -w numbers.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -fr "not found"

# Fuzzing Post Data

ffuf -w wordlist.txt -X POST -d "email=df%40fd.com&issue=dsafd&information=FUZZ" -u http://127.0.0.1:8000/vulnerability -replay-proxy http://127.0.0.1:8080

# Fuzzing Parameters (POST)

ffuf -w wordlist.txt -X POST -d "email=df%40fd.com&issue=dsafd&FUZZ=test" -u http://127.0.0.1:8000/vulnerability -replay-proxy http://127.0.0.1:8080

# Fuzzing Parameters (GET)

ffuf -w wordlist.txt -u "http://127.0.0.1:8000/contact/submit?FUZZ=d%40d.com&issue=df" -o output.txt -replay-proxy http://127.0.0.1:8080

# Fuzzing JSON Post Data (the body must be valid JSON, so use double quotes inside it)

ffuf -w wordlist.txt -X PUT -u http://127.0.0.1:8000/api/users/6 -H "Content-Type: application/json" -d '{"FUZZ":"test"}' -o output.txt -replay-proxy http://127.0.0.1:8080

How to Master FFUF for Bug Bounties and Pen Testing

# Recursive Fuzzing (word "panel" must be included at the end of wordlist)
# ffuf only accepts -recursion when the URL ends with the FUZZ keyword

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ -o output.txt -replay-proxy http://127.0.0.1:8080 -recursion

# Recursive Fuzzing + adding extensions (-e takes a comma-separated list: .bak, .zip, _com, .ico etc.)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ -o output.txt -replay-proxy http://127.0.0.1:8080 -recursion -e .bak,.zip,.ico

# Fuzzing multiple locations

ffuf -u http://W2/W1 -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist:W1 -w /home/belisarius/Bug_Hunting/federalreserve_com/active_subs2/new_domains:W2 -replay-proxy http://127.0.0.1:8080 -p 1 -t 3

# Fuzzing multiple locations, with delay and recursion

ffuf -u http://W2/FUZZ -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist:FUZZ -w /home/belisarius/Bug_Hunting/federalreserve_com/active_subs2/new_domains:W2 -replay-proxy http://127.0.0.1:8080 -recursion -p 1 -t 3

# Fuzzing with automatic calibration of filters

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -ac
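The -fw / -mc filters and the -ac calibration above all work by comparing response signatures. This added example (not from the original notes, and not ffuf's own code) reproduces those decisions offline over a ffuf CSV report (-o out.csv -of csv); the column order is ffuf's CSV layout as assumed in the comment, and the report rows are constructed for the demo.

```shell
#!/bin/sh
# Added example: mimic what -fw, -mc and -ac decide, applied to a saved ffuf CSV report.
# Assumed column layout (ffuf's CSV writer):
# FUZZ,url,redirectlocation,position,status_code,content_length,content_words,content_lines,...
# The report below is constructed for the demo, not captured from a real host.
SAMPLE_CSV='FUZZ,url,redirectlocation,position,status_code,content_length,content_words,content_lines,content_type,duration,resultfile
admin,http://127.0.0.1:8000/api/admin/6,,0,200,1532,210,44,text/html,12ms,
login,http://127.0.0.1:8000/api/login/6,/login,1,302,0,1,1,text/html,9ms,
zzzz1,http://127.0.0.1:8000/api/zzzz1/6,,2,200,11,1,1,text/html,8ms,
zzzz2,http://127.0.0.1:8000/api/zzzz2/6,,3,200,11,1,1,text/html,8ms,
panel,http://127.0.0.1:8000/api/panel/6,,4,403,0,1,1,text/html,8ms,
users,http://127.0.0.1:8000/api/users/6,,5,200,988,150,20,application/json,10ms,'

rows() { printf '%s\n' "$SAMPLE_CSV" | awk -F, 'NR > 1'; }   # drop the header line

# -fw N: filter out every response that has exactly N words
filter_words() { rows | awk -F, -v w="$1" '$7 != w { print $1 }'; }

# -mc CODE: keep only responses with that status code
match_code() { rows | awk -F, -v c="$1" '$5 == c { print $1 }'; }

# -ac: ffuf requests a few random names and filters whatever looks like their
# "not found" page. Offline we approximate that baseline as the most common
# (status,length,words) triple in the report.
baseline_signature() {
  rows | awk -F, '{ n[$5 "," $6 "," $7]++ }
    END { max = 0; for (s in n) if (n[s] > max) { max = n[s]; best = s }; print best }'
}

# drop every row whose signature equals the baseline; what is left is worth a look
autocalibrate() {
  base=$(baseline_signature)
  rows | awk -F, -v b="$base" '($5 "," $6 "," $7) != b { print $1 }'
}
```

Run it against a real report by replacing SAMPLE_CSV with `cat out.csv`; the two zzzz rows stand in for the random inputs ffuf sends during calibration.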

# Fuzzing with piping to another program or file

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 | tee ./outfile.txt

# Fuzzing beyond authentication (in this case, cookie-based). Custom cookies

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "NAME1=VALUE1; NAME2=VALUE2"

# Fuzzing beyond authentication (in this case, header-based). Custom headers
# (-H takes one "Name: value" header; repeat -H for each additional header)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -H "NAME1: VALUE1" -H "NAME2: VALUE2"

# Fuzzing importing requests (for very specific directory fuzzing)

ffuf -request tmp/request -w /wordlist

# Fuzzing wordlist modes (-mode clusterbomb is the default; pitchfork walks the wordlists in lockstep;
# each keyword in the request file needs its own wordlist)

ffuf -request tmp/request -w /wordlist:FUZZ -w /wordlist2:W2 -mode pitchfork
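To see what the two modes actually send for the "Fuzzing 2 values" URL above (http://127.0.0.1:8000/api/FUZZ/ME), here is an added example that enumerates the request combinations; it is not code from the notes or from ffuf, and the wordlist contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: enumerate the requests ffuf generates from two wordlists under
# -mode clusterbomb and -mode pitchfork. Wordlist contents are constructed.
FUZZ_WORDS='users
orders'
ME_WORDS='list
delete
export'

# clusterbomb (default): every FUZZ value is paired with every ME value,
# so the run costs |FUZZ| * |ME| requests.
mode_clusterbomb() {
  printf '%s\n' "$FUZZ_WORDS" | while read -r f; do
    printf '%s\n' "$ME_WORDS" | while read -r m; do
      printf 'http://127.0.0.1:8000/api/%s/%s\n' "$f" "$m"
    done
  done
}

# pitchfork: line i of each wordlist is used together. In ffuf's implementation the
# run lasts as long as the longest wordlist and shorter lists wrap around to their start.
mode_pitchfork() {
  awk -v f="$FUZZ_WORDS" -v m="$ME_WORDS" 'BEGIN {
    nf = split(f, F, "\n"); nm = split(m, M, "\n")
    n = (nf > nm) ? nf : nm
    for (i = 1; i <= n; i++)
      printf "http://127.0.0.1:8000/api/%s/%s\n", F[((i - 1) % nf) + 1], M[((i - 1) % nm) + 1]
  }'
}

# request count per mode: multiply by the delay (-p) or divide by -rate to size a run
request_count() { "mode_$1" | wc -l | tr -d ' '; }
```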

# Fuzzing to stop on spurious errors

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -se

ffuf -h (read the built-in help to learn all the flags; knowing them is what makes calibration and mastery possible)

To activate ffuf (a Go binary in $GOPATH/bin) in a terminal window:

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
echo 'export GOROOT=/usr/local/go' >> ~/.bash_profile
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.bash_profile
source ~/.bash_profile
