FFUF (Fuzz Faster U Fool) is a fast, open-source web fuzzing tool used to discover hidden directories, files, subdomains, and parameters. It works by systematically sending payloads from a wordlist to a target URL, substituting a specific keyword (usually FUZZ) and monitoring the responses.
Usage

```plaintext
ffuf -w path/to/wordlist.txt -u http://target.com/FUZZ
```

1. Basic Directory and File Discovery

```plaintext
ffuf -w /usr/share/wordlists/dirb/common.txt -u http://example.com/FUZZ
```

2. Finding Specific File Extensions

To search only for specific file types (e.g., .php, .html, .txt), append the extension after the FUZZ keyword.

```plaintext
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u http://example.com/FUZZ.php
```

3. Fuzzing GET Parameters

Discover hidden parameters in a URL by placing the FUZZ keyword in the parameter name.

```plaintext
# FUZZ is substituted into the parameter name; the value after "=" is a placeholder
ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/burp-parameter-names.txt -u http://example.com/?FUZZ=test
```

4. Fuzzing POST Data (Login Forms)

Send data via a POST request using the -X and -d flags.

```plaintext
ffuf -w /usr/share/wordlists/SecLists/Passwords/Common-Credentials.txt -u http://example.com -X POST -d "username=admin&password=FUZZ"
```

5. Fuzzing Subdomains

Substitute the FUZZ keyword at the beginning of the URL (assuming you have mapped the domain in your /etc/hosts file or own the domain).

```plaintext
ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u http://FUZZ.example.com
```

Filtering and Matching Output
By default, ffuf can generate a lot of noise. Use matching and filtering flags to clean up the output:
-mc: Match HTTP status codes (e.g., -mc 200,301,302)
-fc: Filter/hide HTTP status codes (e.g., -fc 403)
-fs: Filter responses by a specific size in bytes (useful for hiding catch-all "404 Not Found" pages, which all share the same size).
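Picking the right -fs value by hand is tedious, so here is an added example (not from the page or the ffuf project) that reads ffuf's JSON output (`-o results.json -of json`), finds the response length that repeats most often (the catch-all page), and reports the -fs flag to rerun with plus the hits that differ from it. The field names under "results" are assumed from ffuf's JSON format and the sample document is constructed.

```python
import json
from collections import Counter

# Constructed sample shaped like ffuf's JSON output (ffuf ... -o results.json -of json).
# Field names (results[].input/status/length/words/lines/url) are assumed from that format.
SAMPLE_FFUF_JSON = """{
  "results": [
    {"input": {"FUZZ": "about"},  "status": 200, "length": 1543, "words": 210, "lines": 40, "url": "http://example.com/about"},
    {"input": {"FUZZ": "admin"},  "status": 200, "length": 1543, "words": 210, "lines": 40, "url": "http://example.com/admin"},
    {"input": {"FUZZ": "login"},  "status": 200, "length": 2210, "words": 340, "lines": 61, "url": "http://example.com/login"},
    {"input": {"FUZZ": "images"}, "status": 200, "length": 1543, "words": 210, "lines": 40, "url": "http://example.com/images"},
    {"input": {"FUZZ": "backup"}, "status": 301, "length": 0,    "words": 1,   "lines": 1,  "url": "http://example.com/backup"},
    {"input": {"FUZZ": "test"},   "status": 200, "length": 1543, "words": 210, "lines": 40, "url": "http://example.com/test"}
  ]
}"""

def load_results(raw: str) -> list:
    """Parse the ffuf JSON document and return its results list."""
    return json.loads(raw)["results"]

def baseline_length(results: list) -> tuple:
    """Return (length, count) of the most common response length.
    A target that answers every unknown path with the same 'not found' page
    (often with status 200) produces one dominant length: that is the noise."""
    length, count = Counter(r["length"] for r in results).most_common(1)[0]
    return length, count

def suggest_filter(results: list, min_repeats: int = 3):
    """Return the -fs flag to rerun ffuf with, or None if no size repeats enough."""
    length, count = baseline_length(results)
    return f"-fs {length}" if count >= min_repeats else None

def interesting(results: list, baseline: int) -> list:
    """Keep only hits whose size differs from the catch-all page size."""
    return [r for r in results if r["length"] != baseline]

def summarize(results: list) -> dict:
    """Count hits per (status, length) pair; a large bucket is usually one template."""
    return dict(Counter((r["status"], r["length"]) for r in results))

if __name__ == "__main__":
    hits = load_results(SAMPLE_FFUF_JSON)
    base, n = baseline_length(hits)
    print(f"{n} responses share length {base}; rerun with: {suggest_filter(hits)}")
    for r in interesting(hits, base):
        print(f'{r["status"]} {r["length"]:>6}  {r["url"]}')
```

Replace SAMPLE_FFUF_JSON with the contents of a real results.json to triage an actual run; if the catch-all page varies in size, filter on words (-fw) or lines (-fl) instead.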
For full documentation, tips, and configurations, visit the official ffuf GitHub Repository.