Skip to main content

ffuf: Notes

ffuf: Fuzz Faster U Fool [written in Go]

Source code on GitHub: https://github.com/ffuf/ffuf

apt install ffuf

Example

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://10.10.252.114:8001/web/FUZZ -c -v

Example fuzzing extensions

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://team.thm/FUZZ -c -e .txt,.html,.php,.sh,.json,.bak,.old

Example fuzzing subdomain

# ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://enterprize.thm -H "Host: FUZZ.enterprize.thm" -fs 85

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.1.0
________________________________________________

 :: Method           : GET
 :: URL              : http://enterprize.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.enterprize.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403
 :: Filter           : Response size: 85
________________________________________________

maintest                [Status: 200, Size: 24555, Words: 1438, Lines: 49]
:: Progress: [114532/114532] :: Job [1/1] :: 153 req/sec :: Duration: [0:12:26] :: Errors: 0 ::
#

Yet another example fuzzing subdomains - match number of lines

ffuf -u http://cmess.thm -H "Host: FUZZ.cmess.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml 31

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.2.1
________________________________________________

 :: Method           : GET
 :: URL              : http://cmess.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.cmess.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 31
________________________________________________

dev                     [Status: 200, Size: 934, Words: 191, Lines: 31]
:: Progress: [1907/1907] :: Job [1/1] :: 152 req/sec :: Duration: [0:00:16] :: Errors: 0 ::
root@X220:/mnt/d/OneDrive/tryhackme/cmess#

# ffuf -u http://undiscovered.thm -H "Host: FUZZ.undiscovered.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml
69

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 69
________________________________________________

develop                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
gold                    [Status: 200, Size: 4521, Words: 385, Lines: 69]
internet                [Status: 200, Size: 4605, Words: 385, Lines: 69]
mailgate                [Status: 200, Size: 4605, Words: 385, Lines: 69]
manager                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
network                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
start                   [Status: 200, Size: 4542, Words: 385, Lines: 69]
terminal                [Status: 200, Size: 4605, Words: 385, Lines: 69]
:: Progress: [1907/1907] :: Job [1/1] :: 122 req/sec :: Duration: [0:00:17] :: Errors: 0 ::
#

# ffuf -u http://undiscovered.thm/cms/ -H "Host: FUZZ.undiscovered.thm" -w /usr/share/wordlists/dirb/directory-list-2.3-medium.txt -ac

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm/cms/
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/directory-list-2.3-medium.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : true
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
 :: Filter           : Response size: 298,319,293,310
 :: Filter           : Response words: 18
 :: Filter           : Response lines: 10
________________________________________________

deliver                 [Status: 200, Size: 1121, Words: 54, Lines: 37]
:: Progress: [90400/220561] :: Job [1/1] :: 159 req/sec :: Duration: [0:09:29] :: Errors: 0 ::

Related articles

dirb

dirbuster

gobuster

seclists

Labels:

Popular posts from this blog

Linux command: Check Current Shell

What is your current shell ?
Read more

Java: Free Online Courses

The Java™ Tutorials by Oracle The Java Tutorials are practical guides for programmers who want to use the Java programming language to create applications. They include hundreds of complete, working examples, and dozens of lessons. Groups of related lessons are organized into "trails". https://docs.oracle.com/javase/tutorial/ Learn to Program in Java at edX.ogr Get started on the path to becoming a software engineer by learning core coding skills in Java—one of the most popular programming languages. https://www.edx.org/course/learn-to-program-in-java-0 Java Tutorial by javapoint.com https://www.javatpoint.com/java-tutorial Java Tutorial by SoloLearn.com I love SoloLearn because I can learn Java - and other popular programming languages - anywhere, any time on your mobile devices. https://www.sololearn.com/Course/Java/ Java on Azure https://docs.microsoft.com/en-us/learn/paths/java-on-azure/
Read more

Powershell: Get-ChildItem

List, search/find files and directories with Get-ChildItem cmdlet.
Read more