Ffuf
== Examples ==

=== <span id="ex-u"></span>Target URL ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
# Output:
# /admin [Status: 301, Size: 0, Words: 1, Lines: 1]
# /login [Status: 200, Size: 1024, Words: 132, Lines: 15]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-w"></span>Wordlist Option ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt
# Output:
# /secret [Status: 403, Size: 512, Words: 22, Lines: 4]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-input-cmd"></span>Input from Command ===
<syntaxhighlight lang="bash">
# The command is run once per request and its output becomes the payload;
# ffuf exports the iteration number to it as $FFUF_NUM.
ffuf -u https://target.com/FUZZ --input-cmd 'printf %s "$FFUF_NUM"' --input-num 100
# Output:
# /12 [Status: 200, Size: 900, Words: 100, Lines: 10]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-input-num"></span>Fuzz Numeric Range ===
<syntaxhighlight lang="bash">
# --input-num is the number of inputs to generate with --input-cmd, not a range.
# The URL is quoted so the shell does not treat "?" as a glob character.
ffuf -u "https://target.com/user?id=FUZZ" --input-cmd 'printf %s "$FFUF_NUM"' --input-num 100
# Output:
# user?id=42 [Status: 200, Size: 1500, Words: 150, Lines: 20]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-fc"></span>Filter by Status Code ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -fc 404
# Output:
# All 404 responses are hidden
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-mc"></span>Match Specific Status Code ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -mc 200
# Output:
# /dashboard [Status: 200, Size: 2048, Words: 250, Lines: 25]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-fw"></span>Filter by Word Count ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -fw 0
# Output:
# Only responses with more than 0 words are shown
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-ml"></span>Match by Line Count ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -ml 10
# Output:
# /help [Status: 200, Size: 850, Words: 90, Lines: 10]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-fs"></span>Filter by Size ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -fs 1234
# Output:
# Responses with a size of 1234 bytes are hidden
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-filter-regex"></span>Filter by Regex ===
<syntaxhighlight lang="bash">
# The regex filter flag is -fr
ffuf -u https://target.com/FUZZ -w wordlist.txt -fr "Not Found"
# Output:
# Only responses that do not contain "Not Found" in the body are shown
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-o"></span>Output to File ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -o results.txt
# Output:
# Results saved to results.txt (JSON unless -of selects another format)
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-of"></span>Specify Output Format ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -o results.json -of json
# Output:
# Results saved in JSON format to results.json
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-or"></span>Show Redirect Location ===
<syntaxhighlight lang="bash">
# -v prints the full URL and the redirect location for each result.
# -or does not show redirects: it skips creating the output file when there are no results.
ffuf -u https://target.com/FUZZ -w wordlist.txt -v
# Output:
# /old-page [Status: 301, Redirect: /new-page]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-H"></span>Custom Header Fuzzing ===
<syntaxhighlight lang="bash">
ffuf -u http://127.0.0.1/ -H "Host: FUZZ.target.com" -w subdomains.txt
# Output:
# Host: admin.target.com [Status: 200, Size: 5120, Words: 500, Lines: 30]
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-X"></span>Use POST Method ===
<syntaxhighlight lang="bash">
ffuf -X POST -d "username=admin&password=FUZZ" -u https://target.com/login -w rockyou.txt
# Output:
# Password guess "letmein" returns Status: 302 (Login success redirect)
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-d"></span>POST Data with FUZZ ===
<syntaxhighlight lang="bash">
ffuf -X POST -d "q=FUZZ" -u https://target.com/search -w payloads.txt
# Output:
# Payload "admin" produces search results page (Status: 200)
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-t"></span>Threads for Speed ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -t 100
# Output:
# Much faster scan due to increased concurrency
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-p"></span>Delay Between Requests ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt -p 0.5
# Output:
# Slower scan with 0.5s delay between requests (useful to avoid rate limits)
</syntaxhighlight>
''[[#options|↑ Options]]''

=== <span id="ex-timeout"></span>Set Request Timeout ===
<syntaxhighlight lang="bash">
ffuf -u https://target.com/FUZZ -w wordlist.txt --timeout 5
# Output:
# Requests that take more than 5 seconds will be skipped
</syntaxhighlight>
''[[#options|↑ Options]]''