Fuzzing Workflow with Ffuf

Web fuzzing methodology

Attacking Web Apps with Ffuf


Mind Map

graph TD
    A[Target URL] --> B{Fuzzing Type}
    B --> C[Directory Fuzzing]
    B --> D[Extension Fuzzing]
    B --> E[Parameter Fuzzing]
    B --> F[VHost Fuzzing]
    C --> G[Wordlist Selection]
    G --> H[Filter Responses]
    H --> I[Analyze Results]
    I --> J[Recursion]

Quick Reference

Directory Fuzzing

ffuf -u http://10.10.10.5/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt # Basic directory fuzzing

Extension Fuzzing

ffuf -u http://10.10.10.5/indexFUZZ -w extensions.txt # Fuzz file extensions

Parameter Fuzzing

ffuf -u http://10.10.10.5/page?FUZZ=value -w params.txt # Fuzz GET parameters

Subdomain

ffuf -u http://FUZZ.domain.com -w subdomains.txt -H 'Host: FUZZ.domain.com' # Fuzz subdomains (vhost)

Filters

-fc 404    # Filter out 404 responses
-fs 0      # Filter out responses with size 0
-fw 10     # Filter out responses with 10 words