This page lists the most important commands for the CLI tool ffuf.

ffuf

ffuf is a versatile and powerful command line tool used for web content discovery and fuzzing. It is primarily designed for finding hidden web resources, discovering interesting files, and performing directory brute-forcing on web servers.

It supports multiple built-in payload types, such as fuzzing, content discovery, and filter bypass. With the help of these payload types, ffuf can aggressively test for potential vulnerabilities in web applications. It allows users to fuzz different parts of a URL, including path, hostname, and parameters.

ffuf also supports multi-threading, enabling it to send multiple concurrent requests to the target server. This feature greatly improves the speed and efficiency of the scanning process. Additionally, ffuf provides a range of output options, including plain text, JSON, and HTML, making it easy to analyze and share the results.

The tool allows users to define custom headers, cookies, and HTTP methods for each request. It also supports various wordlists and can be easily integrated into existing workflows using its extensive command line options. ffuf even offers user-agent randomization to mimic different browsers and operating systems, thereby avoiding detection or blocking by certain defenses.

Overall, ffuf is a flexible and powerful tool that assists security professionals and web developers in identifying potential security issues and discovering hidden web resources through efficient and effective fuzzing techniques.

List of commands for ffuf:

  • Discover subdomains using a subdomain list on a target website.
    $ ffuf -w subdomains.txt -u https://website.com -H "Host: FUZZ.website.com"
  • Discover directories using a [w]ordlist on a target website with a max individual job time of 60 seconds and recursion discovery depth of 2 levels.
    $ ffuf -w path/to/wordlist -u https://target/FUZZ -maxtime-job 60 -recursion -recursion-depth 2
  • Fuzz host-[H]eaders with a host file on a target website and [m]atch HTTP 200 [c]ode responses.
    $ ffuf -w hosts.txt -u https://example.org -H "Host: FUZZ" -mc 200
  • Fuzz GET parameter on a target website and [f]ilter out message [s]ize response of 4242 bytes.
    $ ffuf -w path/to/param_names.txt -u "https://target/script.php?FUZZ=test_value" -fs 4242
  • Fuzz POST method with POST [d]ata of password on a target website and [f]ilter out HTTP response [c]ode 401.
    $ ffuf -w path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401
  • Discover directories using a [w]ordlist on a target [u]rl with [c]olorized and [v]erbose output.
    $ ffuf -w path/to/wordlist -u https://target/FUZZ -c -v