Definition

FFUF (Fuzz Faster U Fool) is a fuzzing tool written in Go, used for discovering directories, subdomains and vhosts and for brute-forcing POST data. It is generally very fast, provided your internet connection can handle it.

I normally only use it for subdomain discovery, so this is what I will focus the usage on.

Usage

Again, FFUF is a very complete fuzzing tool, and listing every use case would take forever. Instead, I will focus on subdomain discovery commands.

Normal subdomain discovery
ffuf -w subdomains.txt -u http://website.com/ -H "Host: FUZZ.website.com"

Subdomain discovery, filtering out responses with a known word count (-fw)
ffuf -w sublists.txt -u http://website.com/ -H "Host: FUZZ.website.com" -fw 3913

Subdomain discovery, filtering out responses with a known status code (-fc)
ffuf -w sublists.txt -u http://website.com/ -H "Host: FUZZ.website.com" -fc 401

Output

ffuf -w ~/Subdomain.txt -u https://ffuf.io.fi/ -H "Host: FUZZ"

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v1.3.1
________________________________________________

 :: Method           : GET
 :: URL              : https://ffuf.io.fi/
 :: Wordlist         : FUZZ: /home/max/Subdomain.txt
 :: Header           : Host: FUZZ
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200,204,301,302,307,401,403,405
________________________________________________

news                    [Status: 200, Size: 16, Words: 1, Lines: 4]
admin                   [Status: 200, Size: 16, Words: 1, Lines: 4]
newsletter              [Status: 200, Size: 16, Words: 1, Lines: 4]
search                  [Status: 200, Size: 16, Words: 1, Lines: 4]
mobile                  [Status: 200, Size: 16, Words: 1, Lines: 4]
ns3                     [Status: 200, Size: 16, Words: 1, Lines: 4]
mail                    [Status: 200, Size: 16, Words: 1, Lines: 4]
api                     [Status: 200, Size: 16, Words: 1, Lines: 4]
ns1                     [Status: 200, Size: 16, Words: 1, Lines: 4]
dns2                    [Status: 200, Size: 16, Words: 1, Lines: 4]
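
In the run above every hit has the same status, size, word count and line count, which usually means the server returns one default page for any Host value, so none of the words stands out. The Python below is an added example (not from the original page or the ffuf project): it parses ffuf's result lines, finds the dominant response signature and suggests the matching -fs filter. The function names, the 80% threshold and the constructed `dev` line are assumptions.

```python
import re
from collections import Counter

# First five lines are copied from the Output section above; the "dev" line is
# constructed here to show what a host that really differs would look like.
SAMPLE = """\
news                    [Status: 200, Size: 16, Words: 1, Lines: 4]
admin                   [Status: 200, Size: 16, Words: 1, Lines: 4]
newsletter              [Status: 200, Size: 16, Words: 1, Lines: 4]
search                  [Status: 200, Size: 16, Words: 1, Lines: 4]
mobile                  [Status: 200, Size: 16, Words: 1, Lines: 4]
dev                     [Status: 200, Size: 5120, Words: 311, Lines: 97]
"""

RESULT_RE = re.compile(
    r"^(?P<word>\S+)\s+\[Status: (?P<status>\d+), Size: (?P<size>\d+), "
    r"Words: (?P<words>\d+), Lines: (?P<lines>\d+)"
)

def parse_results(text):
    """Return (word, (status, size, words, lines)) for each ffuf result line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:  # banner, config and blank lines do not match and are skipped
            sig = tuple(int(m[k]) for k in ("status", "size", "words", "lines"))
            rows.append((m["word"], sig))
    return rows

def triage(text, threshold=0.8):
    """Find the catch-all signature and the words whose response differs from it.

    threshold (an assumed value) is the share of results that must have one
    identical signature before it is treated as the default response.
    """
    rows = parse_results(text)
    if not rows:
        return {"baseline": None, "filter": None, "interesting": []}
    sig, count = Counter(s for _, s in rows).most_common(1)[0]
    if count / len(rows) < threshold:
        return {"baseline": None, "filter": None, "interesting": [w for w, _ in rows]}
    return {
        "baseline": sig,
        "filter": f"-fs {sig[1]}",  # size filter; -fw {sig[2]} would filter on words
        "interesting": [w for w, s in rows if s != sig],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

ffuf's -ac option (auto-calibration, shown as "Calibration : false" in the run above) applies the same idea automatically.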