Skip to main content

ffuf: Notes

ffuf: Fuzz Faster U Fool [written in Go]

Source code on GitHub: https://github.com/ffuf/ffuf

apt install ffuf

Example

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://10.10.252.114:8001/web/FUZZ -c -v

Example fuzzing extensions

ffuf -w /usr/share/wordlists/dirb/directory-list-2.3-small.txt -u http://team.thm/FUZZ -c -e .txt,.html,.php,.sh,.json,.bak,.old

Example fuzzing subdomain

# ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://enterprize.thm -H "Host: FUZZ.enterprize.thm" -fs 85

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.1.0
________________________________________________

 :: Method           : GET
 :: URL              : http://enterprize.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.enterprize.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403
 :: Filter           : Response size: 85
________________________________________________

maintest                [Status: 200, Size: 24555, Words: 1438, Lines: 49]
:: Progress: [114532/114532] :: Job [1/1] :: 153 req/sec :: Duration: [0:12:26] :: Errors: 0 ::
#

Yet another example fuzzing subdomains - match number of lines

ffuf -u http://cmess.thm -H "Host: FUZZ.cmess.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml 31

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.2.1
________________________________________________

 :: Method           : GET
 :: URL              : http://cmess.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.cmess.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 31
________________________________________________

dev                     [Status: 200, Size: 934, Words: 191, Lines: 31]
:: Progress: [1907/1907] :: Job [1/1] :: 152 req/sec :: Duration: [0:00:16] :: Errors: 0 ::
root@X220:/mnt/d/OneDrive/tryhackme/cmess#

# ffuf -u http://undiscovered.thm -H "Host: FUZZ.undiscovered.thm" -w /usr/share/seclists/Discovery/DNS/namelist.txt -c -ml
69

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/DNS/namelist.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response lines: 69
________________________________________________

develop                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
gold                    [Status: 200, Size: 4521, Words: 385, Lines: 69]
internet                [Status: 200, Size: 4605, Words: 385, Lines: 69]
mailgate                [Status: 200, Size: 4605, Words: 385, Lines: 69]
manager                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
network                 [Status: 200, Size: 4584, Words: 385, Lines: 69]
start                   [Status: 200, Size: 4542, Words: 385, Lines: 69]
terminal                [Status: 200, Size: 4605, Words: 385, Lines: 69]
:: Progress: [1907/1907] :: Job [1/1] :: 122 req/sec :: Duration: [0:00:17] :: Errors: 0 ::
#

# ffuf -u http://undiscovered.thm/cms/ -H "Host: FUZZ.undiscovered.thm" -w /usr/share/wordlists/dirb/directory-list-2.3-medium.txt -ac

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.0 Kali Exclusive <3
________________________________________________

 :: Method           : GET
 :: URL              : http://undiscovered.thm/cms/
 :: Wordlist         : FUZZ: /usr/share/wordlists/dirb/directory-list-2.3-medium.txt
 :: Header           : Host: FUZZ.undiscovered.thm
 :: Follow redirects : false
 :: Calibration      : true
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
 :: Filter           : Response size: 298,319,293,310
 :: Filter           : Response words: 18
 :: Filter           : Response lines: 10
________________________________________________

deliver                 [Status: 200, Size: 1121, Words: 54, Lines: 37]
:: Progress: [90400/220561] :: Job [1/1] :: 159 req/sec :: Duration: [0:09:29] :: Errors: 0 ::

Related articles

dirb

dirbuster

gobuster

seclists

Labels:

Popular posts from this blog

Hydra: Notes

Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Read more

Office 365: Alert Policies - Creation of forwarding/redirect rule

The default Creation of forwarding/redirect rule alert policy will be triggered when end-users create rule to forward or redirect mail
Read more

Free Software Foundation

Richard Stallman founded the Free Software Foundation in 1985 to support the free software movement, promoting the universal freedom to study, distribute, create and modify computer software.
Read more