ffuf: Notes

ffuf: Fuzz Faster U Fool [written in Go]

Source code on GitHub: https://github.com/ffuf/ffuf

apt install ffuf

Example

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://10.10.252.114:8001/web/FUZZ -c -v

Example fuzzing extensions

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://team.thm/FUZZ -c -e .txt,.html,.php,.sh,.json,.bak,.old

Example fuzzing subdomains (virtual hosts via the Host header) - filter by response size

# ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://enterprize.thm -H "Host: FUZZ.enterprize.thm" -fs 85

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.1.0
________________________________________________

 :: Method           : GET
 :: URL              : http://enterprize.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.enterprize.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403
 :: Filter           : Response size: 85
________________________________________________

maintest                [Status: 200, Size: 24555, Words: 1438, Lines: 49]
:: Progress: [114532/114532] :: Job [1/1] :: 153 req/sec :: Duration: [0:12:26] :: Errors: 0 ::
#

Yet another example fuzzing subdomains - match number of lines

ffuf -u http://cmess.thm -H "Host: FUZZ.cmess.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml 31

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.2.1
________________________________________________

 :: Method           : GET
 :: URL              : http://cmess.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.cmess.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 31
________________________________________________

dev                     [Status: 200, Size: 934, Words: 191, Lines: 31]
:: Progress: [1907/1907] :: Job [1/1] :: 152 req/sec :: Duration: [0:00:16] :: Errors: 0 ::
root@X220:/mnt/d/OneDrive/tryhackme/cmess#

# ffuf -u http://undiscovered.thm -H "Host: FUZZ.undiscovered.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml 69

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 69
________________________________________________

develop                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
gold                    [Status: 200, Size: 4521, Words: 385, Lines: 69]
internet                [Status: 200, Size: 4605, Words: 385, Lines: 69]
mailgate                [Status: 200, Size: 4605, Words: 385, Lines: 69]
manager                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
network                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
start                   [Status: 200, Size: 4542, Words: 385, Lines: 69]
terminal                [Status: 200, Size: 4605, Words: 385, Lines: 69]
:: Progress: [1907/1907] :: Job [1/1] :: 122 req/sec :: Duration: [0:00:17] :: Errors: 0 ::
#
# ffuf -u http://undiscovered.thm/cms/ -H "Host: FUZZ.undiscovered.thm" -w /usr/share/wordlists/dirb/directory-list-2.3-medium.txt -ac

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm/cms/
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/directory-list-2.3-medium.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : true
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
 :: Filter           : Response size: 298,319,293,310
 :: Filter           : Response words: 18
 :: Filter           : Response lines: 10
________________________________________________

deliver                 [Status: 200, Size: 1121, Words: 54, Lines: 37]
:: Progress: [90400/220561] :: Job [1/1] :: 159 req/sec :: Duration: [0:09:29] :: Errors: 0 ::
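
Added example (not part of the original notes): a small Python parser for ffuf console result lines, run over the eight results of the undiscovered.thm "-ml 69" run above, showing that Size grows with the length of the fuzzed word while Words and Lines stay constant, so a single -fs/-ms value cannot cover such responses but one -mw/-ml (or -fw/-fl) value can. The -ac run shows the same pattern: calibration produced four size filters but only one words filter and one lines filter. The function names are made up for this example.

```python
import re

# Result lines copied from the undiscovered.thm "-ml 69" run on this page.
SAMPLE = """\
develop                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
gold                    [Status: 200, Size: 4521, Words: 385, Lines: 69]
internet                [Status: 200, Size: 4605, Words: 385, Lines: 69]
mailgate                [Status: 200, Size: 4605, Words: 385, Lines: 69]
manager                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
network                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
start                   [Status: 200, Size: 4542, Words: 385, Lines: 69]
terminal                [Status: 200, Size: 4605, Words: 385, Lines: 69]
"""

RESULT_RE = re.compile(
    r"^(\S+)\s+\[Status: (\d+), Size: (\d+), Words: (\d+), Lines: (\d+)\]")
FIELDS = ("status", "size", "words", "lines")

def parse_results(text):
    """Parse ffuf console result lines into dicts; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            row = dict(zip(FIELDS, map(int, m.groups()[1:])))
            row["word"] = m.group(1)
            rows.append(row)
    return rows

def constant_fields(rows):
    """Fields with one value in every row: usable as a single
    -mc/-mw/-ml (or -fc/-fw/-fl) value."""
    return {f: rows[0][f] for f in FIELDS if len({r[f] for r in rows}) == 1}

def size_per_char(rows):
    """Return (base, k) if size == base + k * len(word) for every row, else None."""
    pts = sorted({(len(r["word"]), r["size"]) for r in rows})
    if len(pts) < 2:
        return None
    (l0, s0), (l1, s1) = pts[0], pts[-1]
    if l0 == l1 or (s1 - s0) % (l1 - l0):
        return None
    k = (s1 - s0) // (l1 - l0)
    base = s0 - k * l0
    return (base, k) if all(s == base + k * l for l, s in pts) else None

if __name__ == "__main__":
    rows = parse_results(SAMPLE)
    print("constant fields:", constant_fields(rows))
    print("size = base + k * len(word):", size_per_char(rows))
```

A size that is linear in the word length is consistent with the Host value being echoed into the response body a fixed number of times; that reading is an inference from the sample output, not something the notes state.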

Related articles

dirb

dirbuster

gobuster

seclists
