
ffuf:tldr:21ded

ffuf: Fuzz host-[H]eaders with a host file on a target website and [m]atch HTTP 200 [c]ode responses.
$ ffuf -w ${hosts-txt} -u ${https:--example-org} -H "${Host: FUZZ}" -mc ${200}

This is a command using a tool called "ffuf" with a set of options and arguments:

  • ffuf is a web-focused tool used for scanning and fuzzing web applications.
  • -w ${hosts-txt} specifies the wordlist file ${hosts-txt}, whose entries are used as the candidate host names.
  • -u ${https:--example-org} specifies the URL ${https:--example-org} as the target to fuzz.
  • -H "${Host: FUZZ}" sets the HTTP header Host to the value FUZZ. The FUZZ keyword indicates that it will be replaced with the elements from the wordlist mentioned earlier.
  • -mc ${200} matches on the HTTP status code: only responses with status code 200 are reported, and all others are filtered out.

In summary, this command uses ffuf to fuzz the specified URL by replacing the Host header value with elements from a provided wordlist, and filters out responses that do not have the HTTP response status code 200.
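Seen from the server side, this kind of Host header fuzzing shows up as one client requesting many different Host values. The following added example (not part of the original page or of ffuf) flags such clients in an access log; the log format, the allowlist `KNOWN_VHOSTS`, the threshold `min_unknown` and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed (constructed) log format: client IP, quoted Host header, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) host="(?P<host>[^"]*)" "(?P<req>[^"]*)" (?P<status>\d{3})$'
)

# Hypothetical allowlist of virtual hosts this server really serves.
KNOWN_VHOSTS = {"example.org", "www.example.org"}

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
198.51.100.7 host="admin.example.org" "GET / HTTP/1.1" 200
198.51.100.7 host="dev.example.org" "GET / HTTP/1.1" 200
198.51.100.7 host="staging.example.org" "GET / HTTP/1.1" 404
198.51.100.7 host="test.example.org:443" "GET / HTTP/1.1" 200
198.51.100.7 host="Example.org" "GET / HTTP/1.1" 200
203.0.113.20 host="www.example.org" "GET /about HTTP/1.1" 200
203.0.113.20 host="exmaple.org" "GET / HTTP/1.1" 200
this line is malformed
"""


def normalise_host(raw):
    """Lower-case the Host value and drop an optional :port and trailing dot."""
    return re.sub(r":\d+$", "", raw.strip().lower()).rstrip(".")


def detect_host_fuzzing(lines, known=KNOWN_VHOSTS, min_unknown=4):
    """Return {client_ip: sorted unknown Host values} for every client that
    sent at least `min_unknown` distinct Host values outside the allowlist."""
    unknown = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = normalise_host(m["host"])
        if host not in known:
            unknown[m["ip"]].add(host)
    return {ip: sorted(h) for ip, h in unknown.items() if len(h) >= min_unknown}


if __name__ == "__main__":
    for ip, hosts in detect_host_fuzzing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(hosts)} unknown Host values: {', '.join(hosts)}")
```

The check deliberately ignores the status code: -mc only controls what ffuf displays, so the server still logs every probe, whatever it answered.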

This explanation was created by an AI. In most cases these explanations are correct, but always be careful and never run a command unless you are sure it is safe.