X0NE 6 months ago

FFUF cheat sheet for penetration testers

ffuf (short for "Fuzz Faster U Fool") is a powerful and fast web fuzzer written in Go programming language.

# FFUF: Directory Scanning


# Basic directory scan with wordlist

ffuf -w /path/to/wordlist.txt -u http://target/FUZZ


# Recursively scan directories with 2XX status codes only

ffuf -w /path/to/wordlist.txt -u http://target/FUZZ/FUZZ -recursion -recursion-depth 2 -mc 200


# FFUF: Virtual Host Scanning


# Scan virtual hosts with wordlist

ffuf -w /path/to/wordlist.txt -u http://FUZZ.target/ -H "Host: FUZZ.target"


# FFUF: LFI Fuzzing


# Basic LFI fuzzing with ../

ffuf -w /path/to/wordlist.txt -u http://target/file.php?file=../../FUZZ


# Advanced LFI fuzzing with nullbyte (%00) termination

ffuf -w /path/to/wordlist.txt -u "http://target/file.php?file=../FUZZ%00"


# FFUF: Extension Fuzzing


# Fuzzing file extensions with custom wordlist

ffuf -w /path/to/wordlist.txt -u http://target/file.FUZZ


# Fuzzing multiple extensions at once

ffuf -w /path/to/extensions.txt -u http://target/file.FUZZ


# FFUF: Page Fuzzing


# Fuzzing parameter values on a specific page

ffuf -w /path/to/wordlist.txt -u http://target/page.php?id=FUZZ


# Advanced page fuzzing with cookies and headers

ffuf -w /path/to/wordlist.txt -u http://target/page.php -b "cookie1=value1; cookie2=value2" -H "Authorization: Bearer FUZZ"


# General Tips:


# -w : Specifies the wordlist file

# -u : Specifies the target URL with FUZZ as the placeholder

# -mc : Match only specified HTTP status codes (e.g., -mc 200,404)

# -recursion : Enable directory recursion

# -recursion-depth : Set recursion depth level

# -H : Set custom header (e.g., Host for virtual host scanning)

# -b : Set custom cookies for requests

# %00 : Nullbyte termination for LFI fuzzing


0
318
Cyber Security Useful Links

Cyber Security Useful Links

defaultuser.png
Durgeshkt
7 months ago
find command CheatSheet

find command CheatSheet

defaultuser.png
Durgeshkt
6 months ago

CS cybersecurity crisis

defaultuser.png
Kend
6 months ago
Nmap (Network Mapper )

Nmap (Network Mapper )

defaultuser.png
Admin
2 weeks ago
DNS HIJACKING

DNS HIJACKING

defaultuser.png
Admin
1 month ago