ffuf is a tool used by many people.
But only a few use the tool effectively.
Here are 9 tips you want to know right away π π§΅
#recontips #ffuf #BugBounty #bugbountytips #attacksurface #ContentDiscovery #cybersecurity
But only a few use the tool effectively.
Here are 9 tips you want to know right away π π§΅
#recontips #ffuf #BugBounty #bugbountytips #attacksurface #ContentDiscovery #cybersecurity
1/1 Standard mode
c: color
ac: auto calibration
r: follow redirects
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -r
$ ffuf -c -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -ac
c: color
ac: auto calibration
r: follow redirects
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -r
$ ffuf -c -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -ac
2/2 Throttle Speed
t: threads
p: seconds of delay between requests (or range e.g. 0.1-1)
$ ffuf -u https://ups[.]com/FUZZ -t 20 -p 0.2 -w ~/wordlists/common.txt
t: threads
p: seconds of delay between requests (or range e.g. 0.1-1)
$ ffuf -u https://ups[.]com/FUZZ -t 20 -p 0.2 -w ~/wordlists/common.txt
3/3 How to enable Dirsearch Mode
D: dirsearch mode
e: extension (for dirsearch wordlist)
$ ffuf -u https://ups[.]com/FUZZ -D -e php -w ~/wordlists/dirsearch_wordlist.txt
D: dirsearch mode
e: extension (for dirsearch wordlist)
$ ffuf -u https://ups[.]com/FUZZ -D -e php -w ~/wordlists/dirsearch_wordlist.txt
4/4 Not only files or directories
H: header
$ ffuf -u https://ups[.]com/ -H "Host: FUZZ" -w ~/wordlists/common_host.txt
$ ffuf -u https://ups[.]com/ -H "X-Forwarded-For: FUZZ" -w ~/wordlists/bypass403.txt -ac
H: header
$ ffuf -u https://ups[.]com/ -H "Host: FUZZ" -w ~/wordlists/common_host.txt
$ ffuf -u https://ups[.]com/ -H "X-Forwarded-For: FUZZ" -w ~/wordlists/bypass403.txt -ac
5/5 Not olny GET
X: HTTP method
d: body data
$ ffuf -u https://ups[.]com/FUZZ -X POST -w ~/wordlists/passwords.txt -d 'user=admin&password=FUZZ'
X: HTTP method
d: body data
$ ffuf -u https://ups[.]com/FUZZ -X POST -w ~/wordlists/passwords.txt -d 'user=admin&password=FUZZ'
6/6 ffuf Output
o: output
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -o ffuf_report (Default json)
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -o ffuf_report.csv -of csv
o: output
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -o ffuf_report (Default json)
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -o ffuf_report.csv -of csv
7/7 Work with your Burp Proxy
x: proxy
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -x http://127.0.0.1:8080
x: proxy
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -x http://127.0.0.1:8080
8/8 Useful Filters
fs: filter size
fc: filter HTTP status code
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -fs 1080
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -fc 302,403
fs: filter size
fc: filter HTTP status code
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -fs 1080
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/common.txt -fc 302,403
9/9 Useful Matchers
mc: match HTTP status code
ml: response lines
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/ddos.txt -mc 500
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/ddos.txt -ml 729
mc: match HTTP status code
ml: response lines
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/ddos.txt -mc 500
$ ffuf -u https://ups[.]com/FUZZ -w ~/wordlists/ddos.txt -ml 729
If you start using them, I guarantee youβll unlock the full power of ffuf
Enjoy this post? Follow me @ReconOne_ for more writing on Bug Bounty, Recon and Attack Surface Management.
Enjoy this post? Follow me @ReconOne_ for more writing on Bug Bounty, Recon and Attack Surface Management.
Loading suggestions...