F

FFUF Web Fuzzing

Fast web fuzzer for discovering hidden content, directories, files, and vulnerabilities during penetration testing

Byjthack
Home/Security/FFUF Web Fuzzing

WhatIsIt

Expert guidance for using ffuf (Fuzz Faster U Fool), a fast web fuzzer designed for discovering hidden content, directories, files, subdomains, and testing for vulnerabilities during penetration testing. Significantly faster than traditional tools like dirb or dirbuster, with a core focus on auto-calibration to dramatically reduce false positives and make results analysis easier for both humans and AI.

HowToUse

The skill emphasizes a best-practices workflow:

  1. Always Use Auto-Calibration - The -ac flag is mandatory for productive pentesting. It automatically detects and filters repetitive false positives, removes noise from dynamic websites, and adapts to the target's specific behavior.

  2. Basic Discovery - Start with simple directory fuzzing:

    ffuf -w wordlist.txt -u https://target.com/FUZZ -ac

  3. Authenticated Fuzzing - For complex authentication, use raw requests instead of command-line flags:

    • Capture authenticated request from Burp Suite or DevTools
    • Save to req.txt with FUZZ keyword in desired location
    • Run: ffuf --request req.txt -w wordlist.txt -ac

  4. Advanced Scenarios - Subdomain enumeration, parameter fuzzing, API endpoint discovery, and vulnerability testing with appropriate filtering and rate limiting.

Always save results (-o results.json -of json) and use rate limiting for stealth (-rate 2 -t 10).

KeyFeatures

  • Auto-calibration (-ac flag) - Automatically filters repetitive responses and adapts to target behavior
  • High-speed fuzzing - Multi-threaded concurrent processing, significantly faster than dirb/dirbuster
  • Authenticated fuzzing with raw requests - Supports JWT tokens, session cookies, CSRF tokens via captured HTTP requests
  • Comprehensive testing capabilities - Directory/file discovery, subdomain enumeration, parameter fuzzing, API endpoints, vulnerability testing
  • Advanced filtering system - Filter by status code, size, regex, line count; interactive mode for runtime adjustments
  • Stealth features - Rate limiting and thread control for avoiding detection
  • Result preservation - JSON output format for programmatic analysis and reporting
  • Defensive security focus - Designed for authorized penetration testing, security research, and responsible disclosure
ViewOnGitHub

GithubStats

Stars
Forks
LastUpdate
Author
jthack
License
MIT
Version
1.0.0

Categories

Security
Dev

Tags

security
fuzzing
penetration-testing
web-security
vulnerability-scanning

Features

CodeExecution

RelatedSkills

MoreFrom

Algorithmic Art

Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration

Creative
Dev

Artifacts Builder

Build complex claude.ai HTML artifacts using React, Tailwind CSS, and shadcn/ui components

Dev

MCP Builder

Guide for creating high-quality MCP servers to integrate external APIs and services

Dev