FFUF (Fuzz Faster U Fool) is a command-line tool used for subdomain and directory discovery during web application security testing. It performs brute-force attacks on web servers to discover subdomains and directories that may be hidden or not easily discoverable through other means. It does this by sending a large number of requests to a target server, each with a different word or phrase that it attempts to match to a subdomain or directory.
FFUF can be used in different ways, depending on the needs of the security tester. For example, it can discover subdomains on a target server by sending requests built from a list of candidate subdomain names and checking which of them correspond to actual subdomains on the server. It can likewise discover directories by sending requests built from a list of common directory names and checking which of them correspond to actual directories on the server.
FFUF's key features are its high performance and flexibility. The tool is designed to be fast and efficient, and its options and parameters can be adjusted to fine-tune its behavior for different scenarios.
ffuf Command Examples
1. Discover directories using a [w]ordlist on a target [u]rl with [c]olorized and [v]erbose output:
# ffuf -w path/to/wordlist -u https://target/FUZZ -c -v
2. Fuzz host-[H]eaders with a host file on a target website and [m]atch HTTP 200 [c]ode responses:
# ffuf -w hosts.txt -u https://example.org -H "Host:FUZZ" -mc 200
3. Discover directories using a [w]ordlist on a target website with a max individual job time of 60 seconds and recursion discovery depth of 2 levels:
# ffuf -w path/to/wordlist -u https://target/FUZZ -maxtime-job 60 -recursion -recursion-depth 2
4. Fuzz a GET parameter name on a target website and [f]ilter out responses with a [s]ize of 4242 bytes:
# ffuf -w path/to/param_names.txt -u "https://target/script.php?FUZZ=test_value" -fs 4242
5. Fuzz the password field in POST [d]ata on a target website and [f]ilter out HTTP response [c]ode 401:
# ffuf -w path/to/postdata.txt -X POST -d "username=admin&password=FUZZ" -u https://target/login.php -fc 401
6. Discover subdomains using a subdomain list on a target website:
# ffuf -w subdomains.txt -u https://website.com -H "Host: FUZZ.website.com"
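Seen from the server side, the directory discovery in examples 1 and 3 shows up in access logs as one client requesting many distinct paths, most of which return 404. The Python script below is an added example, not part of ffuf or of the original page; the combined access-log format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined/common access-log format (assumed): client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_discovery_clients(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {ip: (distinct_paths, miss_ratio)} for clients whose traffic
    looks like wordlist-driven discovery: many distinct paths, mostly 404s."""
    paths, total, misses = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        ip = m["ip"]
        paths[ip].add(m["target"].split("?", 1)[0])  # ignore query strings
        total[ip] += 1
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip, seen in paths.items():
        ratio = misses[ip] / total[ip]
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed sample: one wordlist-style client and one ordinary visitor."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} {n} "-" "-"'
    words = ["admin", "backup", "login", "test", "old", "dev", "api", "config",
             "uploads", "tmp", "private", "staging", "db", "logs", "cgi-bin",
             "include", "images", "css", "js", "portal", "secret", "data",
             "files", "vendor", "docs"]
    hits = {"login", "images", "css"}  # paths that exist on the constructed site
    lines = [fmt.format(ip="198.51.100.23", s=i, p="/" + w,
                        c=200 if w in hits else 404, n=4242 if w in hits else 153)
             for i, w in enumerate(words)]
    visits = [("/", 200), ("/css", 200), ("/images", 200), ("/favicon.ico", 404)]
    lines += [fmt.format(ip="192.0.2.10", s=30 + i, p=p, c=c, n=4242)
              for i, (p, c) in enumerate(visits)]
    return lines

if __name__ == "__main__":
    for ip, (n, ratio) in find_discovery_clients(sample_log()).items():
        print(f"{ip}: {n} distinct paths, {ratio:.0%} not found")
```

The thresholds need tuning per site, and a scan that is rate-limited or spread across several source addresses will stay under a per-client count, so this check works best alongside rate limiting and alerting on 404 volume overall.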