ffuf (short for "Fuzz Faster U Fool") is a powerful and fast web fuzzer written in Go programming language.
# FFUF: Directory Scanning
# Basic directory scan with wordlist
ffuf -w /path/to/wordlist.txt -u http://target/FUZZ
# Recursively scan directories with 2XX status codes only
ffuf -w /path/to/wordlist.txt -u http://target/FUZZ/FUZZ -recursion -recursion-depth 2 -mc 200
# FFUF: Virtual Host Scanning
# Scan virtual hosts with wordlist
ffuf -w /path/to/wordlist.txt -u http://FUZZ.target/ -H "Host: FUZZ.target"
# FFUF: LFI Fuzzing
# Basic LFI fuzzing with ../
ffuf -w /path/to/wordlist.txt -u http://target/file.php?file=../../FUZZ
# Advanced LFI fuzzing with nullbyte (%00) termination
ffuf -w /path/to/wordlist.txt -u "http://target/file.php?file=../FUZZ%00"
# FFUF: Extension Fuzzing
# Fuzzing file extensions with custom wordlist
ffuf -w /path/to/wordlist.txt -u http://target/file.FUZZ
# Fuzzing multiple extensions at once
ffuf -w /path/to/extensions.txt -u http://target/file.FUZZ
# FFUF: Page Fuzzing
# Fuzzing parameter values on a specific page
ffuf -w /path/to/wordlist.txt -u http://target/page.php?id=FUZZ
# Advanced page fuzzing with cookies and headers
ffuf -w /path/to/wordlist.txt -u http://target/page.php -b "cookie1=value1; cookie2=value2" -H "Authorization: Bearer FUZZ"
# General Tips:
# -w : Specifies the wordlist file
# -u : Specifies the target URL with FUZZ as the placeholder
# -mc : Match only specified HTTP status codes (e.g., -mc 200,404)
# -recursion : Enable directory recursion
# -recursion-depth : Set recursion depth level
# -H : Set custom header (e.g., Host for virtual host scanning)
# -b : Set custom cookies for requests
# %00 : Nullbyte termination for LFI fuzzing