ffuf

Overview

ffuf is a lightweight Go-based tool designed for quick web fuzzing. It takes a URL containing the FUZZ placeholder and replaces it with each word from a provided wordlist.

Basic Usage

ffuf -c -w {{path/to/wordlist.txt}} -u {{http://example.com/FUZZ}}

• -c displays colored output, useful for visualizing successful hits.

• -w specifies the wordlist file.

• -u sets the target URL with the FUZZ placeholder.

Advanced Features

1. Subdomain Fuzzing

ffuf -w {{path/to/subdomains.txt}} -u {{http://FUZZ.example.com}}

The keyword can be placed at any position, allowing you to test subdomains.

2. Threads & Probing

ffuf -o -w {{path/to/wordlist.txt}} -u {{http://example.com/FUZZ}} -t {{500}} -x {{http://127.0.0.1:8080}}

• -o saves output to a file.

• -t sets the number of threads (default 40).

• -x enables proxy via an HTTP MITM like Burp Suite or mitmproxy.

3. Header and Status Filtering

ffuf -w {{path/to/wordlist.txt}} -u {{http://example.com}} -H "{{Host: FUZZ}}

## See Also
- [systemd-hwdb: Hardware database management](/blog/systemd-hwdb-guide-linux)
- [ar command: Create, modify, and extract Unix archives](/blog/ar-guide-linux)
- [Linux Guide: find](/blog/find-guide-linux)
- [How to Use the ps Command in Linux?](/blog/ps-guide-linux)
- [rcp: Copy Files Between Local and Remote Hosts](/blog/rcp-guide-linux)
- [How to Use the apt Command for Package Management](/blog/apt-guide-linux)