
FFUF Web Fuzzing

Fast web fuzzer for discovering hidden content, directories, files, and vulnerabilities during penetration testing


What Is It

Expert guidance for using ffuf (Fuzz Faster U Fool), a fast web fuzzer designed for discovering hidden content, directories, files, and subdomains, and for testing for vulnerabilities during penetration testing. It is significantly faster than traditional tools like dirb or dirbuster, with a core focus on auto-calibration to dramatically reduce false positives and make results analysis easier for both humans and AI.

How To Use

The skill emphasizes a best-practices workflow:

  1. Always Use Auto-Calibration - The -ac flag is mandatory for productive pentesting. It automatically detects and filters repetitive false positives, removes noise from dynamic websites, and adapts to the target's specific behavior.

  2. Basic Discovery - Start with simple directory fuzzing:

    ffuf -w wordlist.txt -u https://target.com/FUZZ -ac
    
  3. Authenticated Fuzzing - For complex authentication, use raw requests instead of command-line flags:

    • Capture the authenticated request from Burp Suite or DevTools
    • Save it to req.txt with the FUZZ keyword in the desired location
    • Run: ffuf --request req.txt -w wordlist.txt -ac

  4. Advanced Scenarios - Subdomain enumeration, parameter fuzzing, API endpoint discovery, and vulnerability testing with appropriate filtering and rate limiting.

Always save results (-o results.json -of json) and use rate limiting for stealth (-rate 2 -t 10).
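
The saved JSON report is what makes the results analysis mentioned above practical. The sketch below is an added example, not part of the skill or of ffuf: it groups results by response signature to spot noise that survived auto-calibration. It assumes the report's `results` entries carry `status`, `length`, `words`, `lines` and `input` fields; the sample report, host name and `repeat_threshold` are constructed for illustration.

```python
import json
from collections import Counter

def _row(word, status, length, words, lines):
    # Constructed sample entry shaped like one item of ffuf's "results" array.
    return {"input": {"FUZZ": word}, "status": status, "length": length,
            "words": words, "lines": lines,
            "url": "https://target.example/" + word}

# Constructed report: four paths return an identical soft-404 style page.
SAMPLE_REPORT = json.dumps({"results": [
    _row("admin", 301, 178, 6, 8),
    _row("login", 200, 4312, 210, 95),
    _row("a", 200, 1532, 80, 40),
    _row("b", 200, 1532, 80, 40),
    _row("c", 200, 1532, 80, 40),
    _row("d", 200, 1532, 80, 40),
    _row("backup", 403, 153, 4, 8),
]})

def signature(result):
    """Response fingerprint: identical values usually mean the same template."""
    return (result["status"], result["length"], result["words"], result["lines"])

def triage(report_text, repeat_threshold=3):
    """Return (unique_results, repetitive_signatures) for a JSON report."""
    results = json.loads(report_text).get("results", [])
    counts = Counter(signature(r) for r in results)
    unique = [r for r in results if counts[signature(r)] < repeat_threshold]
    repetitive = {sig: n for sig, n in counts.items() if n >= repeat_threshold}
    return unique, repetitive

def suggested_filters(repetitive):
    """Build a size filter (-fs) covering the signatures that keep repeating."""
    sizes = sorted({length for (_status, length, _words, _lines) in repetitive})
    return "-fs " + ",".join(str(s) for s in sizes) if sizes else ""

if __name__ == "__main__":
    unique, repetitive = triage(SAMPLE_REPORT)
    for r in unique:
        print(r["status"], r["length"], r["url"])
    print("repeated signatures:", repetitive)
    print("candidate filter:", suggested_filters(repetitive))
```

Review the repeated signatures by hand before filtering on them, since a real page can share a size with the noise.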

Key Features

  • Auto-calibration (-ac flag) - Automatically filters repetitive responses and adapts to target behavior
  • High-speed fuzzing - Multi-threaded concurrent processing, significantly faster than dirb/dirbuster
  • Authenticated fuzzing with raw requests - Supports JWT tokens, session cookies, CSRF tokens via captured HTTP requests
  • Comprehensive testing capabilities - Directory/file discovery, subdomain enumeration, parameter fuzzing, API endpoints, vulnerability testing
  • Advanced filtering system - Filter by status code, size, regex, line count; interactive mode for runtime adjustments
  • Stealth features - Rate limiting and thread control for avoiding detection
  • Result preservation - JSON output format for programmatic analysis and reporting
  • Defensive security focus - Designed for authorized penetration testing, security research, and responsible disclosure

Author: jthack
License: MIT
Version: 1.0.0

Categories: Security, Dev

Tags: security, fuzzing, penetration-testing, web-security, vulnerability-scanning
