Forrest logo
back to the ffuf tool

ffuf:tldr:054b9

ffuf: Discover subdomains using a subdomain list on a target website.
$ ffuf -w ${subdomains-txt} -u ${https:--website-com} -H "${Host: FUZZ-website-com}"
try on your machine

This command is using the ffuf tool, a fast web fuzzer, for scanning and discovering subdomains on a website.

Here is a breakdown of the command:

  • ffuf: This is the command to execute ffuf.
  • -w ${subdomains-txt}: This specifies the wordlist or dictionary file to be used for subdomain brute-forcing. ${subdomains-txt} is a placeholder for the actual filename or the path to the file with a list of subdomains.
  • -u ${https:--website-com}: This defines the target URL to be scanned. ${https:--website-com} is a placeholder for the actual URL. Note that the given example assumes the website URL starts with https://.
  • -H "${Host: FUZZ-website-com}": This sets a custom header for each request being made during the scanning process. The custom header is Host with the value FUZZ-website-com. ${Host} is a placeholder that will be replaced by ffuf with each entry from the wordlist while fuzzing.

Overall, this command will run ffuf, providing it with a wordlist of subdomains, the target website URL, and a custom header. ffuf will then perform a brute-forcing operation by substituting the FUZZ keyword in the custom header with each entry from the wordlist, effectively trying each subdomain against the target website.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the ffuf tool