## What is FFUF
FFUF, short for "Fuzz Faster U Fool", is an open-source web fuzzing tool. It is designed to help web developers and security professionals discover hidden or undiscovered files, directories, and subdomains by brute-forcing or fuzzing URLs.

FFUF supports various HTTP methods such as GET, POST, PUT, DELETE, HEAD, and many more. It also allows the use of custom headers and cookies. The tool can perform content discovery and web content monitoring.

## Common uses and commands
FFUF can be used for various purposes such as directory and file discovery, virtual host discovery, parameter brute-forcing, and many more. Some of the common commands that can be used with FFUF include:

Website Enumeration

```Terminal
ffuf -u WEBSITE/FUZZ -w WORDLIST -fs NUMBER -fc STATUS -t NUMBER_THREADS
```

- -u ---> Target website URL (include the FUZZ keyword where you want to fuzz)
- -w ---> Wordlist to use
- -fs ---> Response size (in bytes) to ignore
- -fc ---> Response status to ignore (example 404,402, ...)
- -t ---> Number of concurrent threads

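From the defender's side, the website enumeration shown above leaves a recognisable pattern in web server access logs. The following added example (not part of the original page or the ffuf project) flags that pattern in constructed log lines; the function names, thresholds and sample data are assumptions, and the User-Agent check relies on ffuf's default header starting with "Fuzz Faster U Fool".

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_fuzzing_clients(lines, min_paths=5, min_miss_ratio=0.8):
    """Return {ip: [reasons]} for clients whose requests look like content discovery."""
    total, misses = defaultdict(int), defaultdict(int)
    paths, agents = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip = m["ip"]
        total[ip] += 1
        paths[ip].add(m["path"])
        agents[ip].add(m["ua"])
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip in total:
        reasons = []
        if any(ua.startswith("Fuzz Faster U Fool") for ua in agents[ip]):
            reasons.append("ffuf default User-Agent")  # weak: header is client-controlled
        # Behavioural signal: many distinct paths, almost all of them missing.
        if len(paths[ip]) >= min_paths and misses[ip] / total[ip] >= min_miss_ratio:
            reasons.append("many distinct paths, mostly 404")
        if reasons:
            flagged[ip] = reasons
    return flagged

def sample_line(ip, path, status, ua):  # builds one constructed log line, not real traffic
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'

# Constructed sample: documentation IP ranges, invented paths and version string.
WORDS = ["admin", "backup", "config", "login", "old", "test", "uploads", "dev"]
SAMPLE_LOG = (
    [sample_line("203.0.113.7", f"/{w}", 200 if w == "login" else 404,
                 "Fuzz Faster U Fool v0.0.0") for w in WORDS]
    + [sample_line("198.51.100.9", f"/{w}", 404, "Mozilla/5.0") for w in WORDS]
    + [sample_line("192.0.2.10", p, 200, "Mozilla/5.0") for p in ["/", "/login", "/app.css"]]
)

if __name__ == "__main__":
    for ip, reasons in find_fuzzing_clients(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```

The second flagged client shows why the 404 ratio matters: it sends a browser-like User-Agent and is caught by behaviour alone.
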
## More Information
FFUF can be downloaded from its GitHub page at [https://github.com/ffuf/ffuf](https://github.com/ffuf/ffuf). The tool is compatible with Windows, Linux, and macOS. FFUF has extensive documentation available on its GitHub page, including examples, tutorials, and user guides.