Skip to main content

ffuf: Notes

ffuf: Fuzz Faster U Fool [written in Go]

Source code on GitHub: https://github.com/ffuf/ffuf

apt install ffuf

Example

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://10.10.252.114:8001/web/FUZZ -c -v

Example fuzzing extensions

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://team.thm/FUZZ -c -e .txt,.html,.php,.sh,.json,.bak,.old

Example fuzzing subdomain

# ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://enterprize.thm -H "Host: FUZZ.enterprize.thm" -fs 85

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.1.0
________________________________________________

 :: Method           : GET
 :: URL              : http://enterprize.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.enterprize.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403
 :: Filter           : Response size: 85
________________________________________________

maintest                [Status: 200, Size: 24555, Words: 1438, Lines: 49]
:: Progress: [114532/114532] :: Job [1/1] :: 153 req/sec :: Duration: [0:12:26] :: Errors: 0 ::
#

Yet another example fuzzing subdomains - match number of lines

ffuf -u http://cmess.thm -H "Host: FUZZ.cmess.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml 31

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.2.1
________________________________________________

 :: Method           : GET
 :: URL              : http://cmess.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.cmess.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 31
________________________________________________

dev                     [Status: 200, Size: 934, Words: 191, Lines: 31]
:: Progress: [1907/1907] :: Job [1/1] :: 152 req/sec :: Duration: [0:00:16] :: Errors: 0 ::
root@X220:/mnt/d/OneDrive/tryhackme/cmess#

# ffuf -u http://undiscovered.thm -H "Host: FUZZ.undiscovered.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml
69

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 69
________________________________________________

develop                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
gold                    [Status: 200, Size: 4521, Words: 385, Lines: 69]
internet                [Status: 200, Size: 4605, Words: 385, Lines: 69]
mailgate                [Status: 200, Size: 4605, Words: 385, Lines: 69]
manager                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
network                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
start                   [Status: 200, Size: 4542, Words: 385, Lines: 69]
terminal                [Status: 200, Size: 4605, Words: 385, Lines: 69]
:: Progress: [1907/1907] :: Job [1/1] :: 122 req/sec :: Duration: [0:00:17] :: Errors: 0 ::
#

# ffuf -u http://undiscovered.thm/cms/ -H "Host: FUZZ.undiscovered.thm" -w /usr/share/wordlists/dirb/directory-list-2.3-medium.txt -ac

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm/cms/
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/directory-list-2.3-medium.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : true
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
 :: Filter           : Response size: 298,319,293,310
 :: Filter           : Response words: 18
 :: Filter           : Response lines: 10
________________________________________________

deliver                 [Status: 200, Size: 1121, Words: 54, Lines: 37]
:: Progress: [90400/220561] :: Job [1/1] :: 159 req/sec :: Duration: [0:09:29] :: Errors: 0 ::

Related articles

dirb

dirbuster

gobuster

seclists

Labels:

Popular posts from this blog

Microsoft Windows Server 2012 R2 Standard Evaluation Product Key

Microsoft Windows Server 2012 R2 Standard Evaluation D2N9P-3P6X9-2R39C-7RTCD-MDVJX DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Read more

ManageEngine ServiceDesk Plus - Reset password

Let's reset the default administrator's password to 'admin'
Read more

hmailserver: Notes from the field

hmailserver is one of free open source mail servers running on Microsoft Windows operating system.
Read more