FFUF

Fast and flexible fuzzing tool for web applications written in Go.

FFUF: Fast and Flexible Fuzzing

FFUF (Fuzz Faster U Fool) is an open-source fuzzing tool written in Go for discovering hidden files, directories, subdomains, parameters, and more.

Why Use FFUF?

✔ Blazing fast – Written in Go
✔ Highly customizable – Custom wordlists, filters, output formats
✔ Flexible targeting – Directories, parameters, subdomains, headers
✔ Supports recursion
✔ JSON output for automation

Installation

bash
sudo apt update && sudo apt install ffuf -y

or via Go

go install github.com/ffuf/ffuf/v2@latest

Usage

bash
# Directory Fuzzing
ffuf -u https://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

Hidden Parameters

ffuf -u "https://example.com/page.php?FUZZ=test" -w parameters.txt

Subdomain Enumeration

ffuf -u https://FUZZ.example.com -w subdomains.txt -H "Host: FUZZ.example.com"

POST Data Fuzzing

ffuf -u https://example.com/login -w passwords.txt -X POST -d "username=admin&password=FUZZ"

Filter Results

ffuf -u https://example.com/FUZZ -w wordlist.txt -fc 403,404,500

Save Results

ffuf -u https://example.com/FUZZ -w wordlist.txt -o results.json -of json
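
From the defender's side, the runs above are visible in web server access logs: -fc only hides responses in ffuf's own output, so the filtered 403/404 requests are still sent and logged. The following is an added example (not part of the original page or the ffuf project) that flags clients in combined-format access logs by ffuf's default User-Agent and by a burst of distinct, mostly missing paths. The function name, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def detect_fuzzing(log_text, min_requests=5, min_miss_ratio=0.8):
    """Map client IP -> reasons its traffic looks like wordlist fuzzing."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "misses": 0, "ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, path, status, agent = m.groups()
        s = stats[ip]
        s["total"] += 1
        s["paths"].add(path.split("?", 1)[0])
        s["misses"] += status in ("403", "404")
        # ffuf's default User-Agent is client-controlled, so it is a weak signal on its own
        s["ua"] |= "fuzz faster u fool" in agent.lower()
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua"]:
            reasons.append("default-ffuf-user-agent")
        # Behavioural signal: many distinct paths, most of which do not exist
        if (s["total"] >= min_requests and len(s["paths"]) >= min_requests
                and s["misses"] / s["total"] >= min_miss_ratio):
            reasons.append("many-distinct-paths-mostly-missing")
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample log (documentation IP ranges, made-up paths and version string)
def _line(ip, path, status, agent):
    return (f'{ip} - - [10/Mar/2025:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 153 "-" "{agent}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/{w}", 200 if w == "admin" else 404, "Fuzz Faster U Fool v2.1.0")
     for w in ("admin", "backup", "cgi-bin", "config", "old", "test")]
    + [_line("198.51.100.9", f"/{w}.php", 404, BROWSER) for w in "abcde"]
    + [_line("192.0.2.10", p, c, BROWSER) for p, c in (("/", 200), ("/about", 200), ("/x", 404))])

if __name__ == "__main__":
    for ip, reasons in detect_fuzzing(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The example counts over the whole input; on real logs, apply the same counters per client within a short time window so that slow, legitimate crawling is not flagged.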