Ffuf, a great tool for your next penetration test.

Ffuf stands for "Fuzz faster you fool". It is an open source tool for content discovery in web applications. It's a fast tool for fuzzing websites and can be found on GitHub: https://github.com/ffuf/ffuf

Ffuf "Fuzz Faster U Fool" was created and is maintained by Joohoi.

This is an open source web fuzzing tool, intended for discovering elements and content within web applications or web servers. It is a CLI-based web attack tool written in Go. It is very similar to the Burp Suite Intruder, without the GUI. It runs on the Linux CLI, is very fast and easy to use, but hard to pronounce.

Typical directory discovery

By using the FUZZ keyword at the end of the URL (-u):

ffuf -w /path/to/wordlist -u https://target/FUZZ

Virtual host discovery (without DNS records)

Assuming that the default virtual-host response size is 4242 bytes, we can filter out all the responses of that size (-fs 4242) while fuzzing the Host header:

ffuf -w /path/to/vhost/wordlist -u https://target -H "Host: FUZZ" -fs 4242

  • GET parameter fuzzing

    • If the URL parameter is unknown, you can limit the parameter size to a specific size to fuzz the Host header.

    • If it is known, you can limit to a smaller byte size. Say, 3000, 300, 250, etc.

    • This will return an HTTP response of 401

    • focusing on GET data

  • POST data fuzzing: ffuf -w /path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401

    • here, we're filtering out the 401 responses

    • Using FUZZ keyword

    • focusing on POST data
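
To see what the -fs and -fc filters in the virtual host and POST commands above actually do to a result set, here is an added example (not ffuf's code and not from the original post) that models them in Python over constructed response records. The function names and sample data are assumptions made for illustration; it also accepts comma-separated lists and ranges, which goes a little beyond the single values used above.

```python
from collections import Counter

# Constructed sample records: (Host header value, HTTP status, size in bytes).
# They stand in for the responses a vhost run against a lab server might give.
SAMPLE = [
    ("www", 200, 4242),
    ("mail", 200, 4242),
    ("dev", 200, 9130),
    ("test", 200, 4242),
    ("admin", 401, 512),
    ("staging", 200, 4242),
]

def parse_spec(spec):
    """Parse a comma-separated list of values and ranges, e.g. '4242,100-200'."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def matches(value, ranges):
    """True when value falls inside any (low, high) pair."""
    return any(lo <= value <= hi for lo, hi in ranges)

def baseline_size(results):
    """Most common response size, i.e. the default-vhost size worth filtering."""
    return Counter(size for _, _, size in results).most_common(1)[0][0]

def apply_filters(results, fs="", fc=""):
    """Drop records whose size matches fs or whose status code matches fc."""
    sizes, codes = parse_spec(fs), parse_spec(fc)
    return [r for r in results
            if not matches(r[2], sizes) and not matches(r[1], codes)]

if __name__ == "__main__":
    size = baseline_size(SAMPLE)
    print("baseline size:", size)
    for record in apply_filters(SAMPLE, fs=str(size)):
        print("kept:", record)
```

A size filter is exact: a real virtual host that happens to answer with the same byte count as the default page is dropped along with the noise, so the baseline is worth confirming before relying on it.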

I use Ffuf all the time and recommend it. One thing to consider: if you're using Kali Linux, the syntax for where your word list is located may be different than when using Parrot OS or Arch.