Editing Ffuf (section)

=== Status Codes ===
HTTP status codes returned during fuzzing give insight into how the server responds to various inputs. Understanding these codes helps identify valid endpoints, error states, redirects, and more.

{| class="wikitable"
! Status Code !! Description
|-
| 200 || OK – The request was successful. Often indicates a valid page or endpoint.
|-
| 204 || No Content – The server processed the request but returned no content. Often used to detect hidden but functional endpoints.
|-
| 301 || Moved Permanently – The resource has been permanently moved to a new URL. May indicate URL redirection behavior.
|-
| 302 || Found – The resource temporarily resides under a different URL. Can be used to detect login redirects or session handling.
|-
| 307 || Temporary Redirect – Similar to 302 but the method is preserved. Indicates temporary redirection.
|-
| 401 || Unauthorized – Authentication is required. Useful for identifying protected areas.
|-
| 403 || Forbidden – Access is denied. Often reveals restricted endpoints that exist but are off-limits.
|-
| 404 || Not Found – The requested resource does not exist. A common baseline for filtering invalid responses.
|-
| 405 || Method Not Allowed – The method (e.g., POST, GET) is not allowed for the requested resource.
|-
| 500 || Internal Server Error – The server encountered an unexpected condition. May indicate exploitable flaws.
|-
| 502 || Bad Gateway – The server received an invalid response from the upstream server.
|-
| 503 || Service Unavailable – The server is currently unavailable. May suggest rate limiting or maintenance.
|-
| 504 || Gateway Timeout – The upstream server failed to send a request in time. May indicate backend issues.
|}