FFUF A guide to Content Discovery using ffuf

Greeting everyone ! Hope All going good Today In This Blog We will explore How To utilize Content Discovery Phase While Your Doing Vulnerability assessment Against Your targeted Web Application .  We Will explore one of best tool ffuf which is fast web fuzzer .

Content :
  • What is ffuf ?
  • Installation Of ffuf ?
  • Example usage of ffuf ?
  • Advantage of ffuf ?
  • Conclusion
What is ffuf ?

As You many know About  some awesome tool such as dirsearch , dirb , go buster , wfuzz which basically default With kali System or Some linux distribution . FFUF which name as  “Fuzz Faster you Fool” is an open source web fuzzing tool, which discovering elements and content within web applications or web servers in an fast manner  .  Ffuf has different functionality  Such as fuzz directory , vhost discovery , Fuzzing based On parameter GET as POST.

Installation Of ffuf ?

How To install ffuf As we  know ffuf which is developed By go language so before Installation You need to make environment for go installation

To install ffuf :

go build which complied Go Installation . To check installation Guide  through their official Website https://github.com/ffuf/ffuf

Example usage of ffuf ?

First Lets check is Your ffuf is successfully Installed Or Not

Command : ffuf -h

As above picture we used -h to check its usage different flag which we will utilize While your Testing .

Basics flags:
  • -u: the target URL
  • -c: add color to output
  • -r: follow redirects
  • -t: timeout in seconds (default 10)
  • -x: send through a proxy

Now lets discover content , directory Which is present On Our target Domain  for directory and contents which can be discovered with following command :

Ffuf -w wordlist.txt -u http://target.com

As above we used -w which carries our wordlist -u for specific url and make sure set endpoint as fuzz

Example.com/FUZZ . As above picture we got some directory Structure with its 301, 403, 200 etc.

Now supposed we Only need Directory which response code is 200 Only And we want to skip response and we need specific extension type   here will use command :

ffuf -w wordlist.txt -w http://yourdomain.txt/FUZZ -e php,.html -mc 200

As above We see As output able to get Specific Response with Specific File Extension .

Now fuzz specific Parameter field using ffuf . here we will use command :

ffuf -w param.txt -u http://testphp.vulnweb.com/search.php?test=FUZZ -fs 4242  

As above we set parameter list to fuzz against Specific field and  This also assumes an response size of 4242 bytes for invalid GET parameter name.

Lookup website vhost using ffuf is also help us to lookup vhost against our target we will use command :

ffuf -w host.txt -u https://target -H “Host: FUZZ” -fs 4242

We used  the default virtualhost response size is 4242 bytes, we can filter out all the responses of that size (-fs 4242)while fuzzing the Host – header.

This Article is Only for Educational Purpose if your Doing Penetration Testing this tool help you in your Recon process which is also possible to Manipulate backend confidential data .

Advantage of ffuf ?
  • This is fast web fuzzer tool which allow us to fuzz against host , parameter , endpoint directory .
  • We can specify different flags which utilize out testing phase .
  • Ffuf is easy to use and open source

Conclusion : In This Blog we discussed how To use ffuf tool we discus some of its example how utilize this tool on your testing phase . Hope You learn some thing new ! cheers  !

Thanks For Reading……. See You In Another Blog!

Stick With Our Blog : https://securiumsolutions.com/blog/

Author : Pallab Jyoti Borah | VAPT Analyst

Leave a Comment

Your email address will not be published. Required fields are marked *