FFUF Web Fuzzing
Fast web fuzzer for discovering hidden content, directories, files, and vulnerabilities during penetration testing
What is it?
Expert guidance for using ffuf (Fuzz Faster U Fool), a fast web fuzzer designed for discovering hidden content, directories, files, and subdomains, and for testing for vulnerabilities during penetration testing. It is significantly faster than traditional tools like dirb or dirbuster, and its core focus is auto-calibration, which dramatically reduces false positives and makes results analysis easier for both humans and AI.
How to use it?
The skill emphasizes a best-practices workflow:
- Always Use Auto-Calibration - The -ac flag is mandatory for productive pentesting. It automatically detects and filters repetitive false positives, removes noise from dynamic websites, and adapts to the target's specific behavior.
- Basic Discovery - Start with simple directory fuzzing:
  ffuf -w wordlist.txt -u https://target.com/FUZZ -ac
- Authenticated Fuzzing - For complex authentication, use raw requests instead of command-line flags:
  - Capture the authenticated request from Burp Suite or DevTools
  - Save it to req.txt with the FUZZ keyword in the desired location
  - Run: ffuf --request req.txt -w wordlist.txt -ac
- Advanced Scenarios - Subdomain enumeration, parameter fuzzing, API endpoint discovery, and vulnerability testing with appropriate filtering and rate limiting.
Always save results (-o results.json -of json) and use rate limiting for stealth (-rate 2 -t 10).
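Triaging the saved results, as an added example that is not part of ffuf or this skill: a Python script that loads a results.json in the shape ffuf writes with -of json (top-level "results" list with per-hit "input", "status", "length", "words", "lines" and "url"), fingerprints each hit by status and size counters, and flags fingerprints that recur often enough to be a catch-all response that survived -ac. The sample data and the noise threshold are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape ffuf writes with `-o results.json -of json`.
# Three hits share one status/length/words/lines signature, the repetitive
# pattern auto-calibration is meant to remove.
SAMPLE_RESULTS_JSON = json.dumps({
    "commandline": "ffuf -w wordlist.txt -u https://target.example/FUZZ -ac -o results.json -of json",
    "results": [
        {"input": {"FUZZ": "admin"},  "status": 301, "length": 178,  "words": 6,   "lines": 8,  "url": "https://target.example/admin"},
        {"input": {"FUZZ": "backup"}, "status": 200, "length": 4120, "words": 310, "lines": 92, "url": "https://target.example/backup"},
        {"input": {"FUZZ": "foo"},    "status": 200, "length": 1532, "words": 120, "lines": 40, "url": "https://target.example/foo"},
        {"input": {"FUZZ": "bar"},    "status": 200, "length": 1532, "words": 120, "lines": 40, "url": "https://target.example/bar"},
        {"input": {"FUZZ": "baz"},    "status": 200, "length": 1532, "words": 120, "lines": 40, "url": "https://target.example/baz"},
    ],
})

def signature(result):
    """Response fingerprint: same status + size + word/line counts -> same page template."""
    return (result["status"], result["length"], result["words"], result["lines"])

def triage(results_json, noise_threshold=3):
    """Split ffuf results into unique hits and repetitive groups.

    noise_threshold (assumed value, tune per target): a signature seen this many
    times or more is treated as a catch-all / soft-404 response that survived -ac.
    """
    data = json.loads(results_json)
    groups = defaultdict(list)
    for r in data["results"]:
        groups[signature(r)].append(r)
    unique, noisy = [], {}
    for sig, hits in groups.items():
        if len(hits) >= noise_threshold:
            noisy[sig] = [h["url"] for h in hits]
        else:
            unique.extend(hits)
    return unique, noisy

def report(results_json, noise_threshold=3):
    """One line per unique hit, plus one per noisy signature with a filter hint (-fs = filter by size)."""
    unique, noisy = triage(results_json, noise_threshold)
    lines = [f"{r['status']} {r['length']:>6}B  {r['url']}" for r in unique]
    for (status, length, _, _), urls in noisy.items():
        lines.append(f"NOISE status={status} length={length} x{len(urls)} (e.g. {urls[0]}); consider -fs {length}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RESULTS_JSON)))
```

Replace SAMPLE_RESULTS_JSON with the contents of a real results.json to run it on an actual scan; the NOISE lines tell you which size filter to add on the next run.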
Key Features
- Auto-calibration (-ac flag) - Automatically filters repetitive responses and adapts to target behavior
- High-speed fuzzing - Multi-threaded concurrent processing, significantly faster than dirb/dirbuster
- Authenticated fuzzing with raw requests - Supports JWT tokens, session cookies, CSRF tokens via captured HTTP requests
- Comprehensive testing capabilities - Directory/file discovery, subdomain enumeration, parameter fuzzing, API endpoints, vulnerability testing
- Advanced filtering system - Filter by status code, size, regex, line count; interactive mode for runtime adjustments
- Stealth features - Rate limiting and thread control for avoiding detection
- Result preservation - JSON output format for programmatic analysis and reporting
- Defensive security focus - Designed for authorized penetration testing, security research, and responsible disclosure