ffuf
https://www.kali.org/tools/ffuf/
ffuf is a fast web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.
Website path
ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u <url>/FUZZ
Subdomain enumeration
ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u <url> -H "Host:FUZZ.<domain>" -fw 1
Valid username
ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u <url> -mr "username already exists"
FUZZ is the keyword that marks the position to brute-force, here the "username" field; in each request it is replaced by the next word from the wordlist.
Command    Description
-w         Wordlist
-X         Method to use
-d         POST data
-H         Header
-u         URL
-mr        Match regexp: string expected in the response
Valid password
ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u <URL> -fc 200
Here we use two keywords, W1 and W2, which are replaced in each request by one word from each of the two wordlists.
Command    Description
-w         Two wordlists, one for usernames and one for passwords
-X         Method
-d         POST data
-H         Header
-u         URL
-fc        Status code to filter out of the results
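On the receiving side, the path and form fuzzing shown above appears in the web server's access log as one source producing many 404s on different paths, or many POSTs to one form, in a short time. The following is an added example (not part of the original notes) that flags both patterns; the log lines, IP addresses, endpoint paths, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(lines):
    """Yield (ip, time, method, path, status) from combined-format access log lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that are not in the expected format
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source IP to the wordlist-style patterns seen within `window`."""
    recent = defaultdict(deque)  # (ip, signal) -> (time, path) events still inside the window
    alerts = defaultdict(set)
    for ip, ts, method, path, status in parse(lines):
        if status == 404:
            signal = "path-discovery"            # many different missing paths
        elif method == "POST":
            signal = f"form-bruteforce:{path}"   # one form submitted over and over
        else:
            continue
        q = recent[(ip, signal)]
        q.append((ts, path))
        while ts - q[0][0] > window:             # drop events older than the window
            q.popleft()
        # 404s are counted by distinct path, POSTs by number of submissions
        count = len({p for _, p in q}) if status == 404 else len(q)
        if count >= threshold:
            alerts[ip].add(signal)
    return dict(alerts)

def _line(ip, sec, method, path, status):
    # Constructed sample entry; addresses are documentation ranges, paths are assumptions.
    return f'{ip} - - [10/Jan/2024:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE = (
    [_line("203.0.113.7", i, "GET", f"/{w}", 404)
     for i, w in enumerate(["admin", "backup", "old", "test", "dev", "tmp"])]
    + [_line("203.0.113.9", i, "POST", "/signup", 200) for i in range(8)]
    + [_line("198.51.100.4", 5, "GET", "/index.html", 200),
       _line("198.51.100.4", 9, "POST", "/signup", 200),
       _line("198.51.100.4", 20, "GET", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, signals in sorted(detect(SAMPLE).items()):
        print(ip, sorted(signals))
```

Virtual host fuzzing is not covered here because the combined log format does not record the Host header; the events for each source are assumed to arrive in chronological order.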