Packages and Binaries:
ffuf is a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.
Installed size: 6.99 MB
How to install: sudo apt install ffuf
ffuf
Fast web fuzzer written in Go
[email protected]:~# ffuf -h Fuzz Faster U Fool - v2.0.0-dev HTTP OPTIONS: -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted. -X HTTP method to use -b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality. -d POST data -http2 Use HTTP2 protocol (default: false) -ignore-body Do not fetch the response content. (default: false) -r Follow redirects (default: false) -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false) -recursion-depth Maximum recursion depth. (default: 0) -recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default) -replay-proxy Replay matched requests using this proxy. -sni Target TLS SNI, does not support FUZZ keyword -timeout HTTP request timeout in seconds. (default: 10) -u Target URL -x Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080 GENERAL OPTIONS: -V Show version information. (default: false) -ac Automatically calibrate filtering options (default: false) -acc Custom auto-calibration string. Can be used multiple times. Implies -ac -ach Per host autocalibration (default: false) -ack Autocalibration keyword (default: FUZZ) -acs Autocalibration strategy: "basic" or "advanced" (default: basic) -c Colorize output. (default: false) -config Load configuration from a file -json JSON output, printing newline-delimited JSON records (default: false) -maxtime Maximum running time in seconds for entire process. (default: 0) -maxtime-job Maximum running time in seconds per job. (default: 0) -noninteractive Disable the interactive console functionality (default: false) -p Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0" -rate Rate of requests per second (default: 0) -s Do not print additional information (silent mode) (default: false) -sa Stop on all error cases. Implies -sf and -se. (default: false) -scraperfile Custom scraper file path -scrapers Active scraper groups (default: all) -se Stop on spurious errors (default: false) -search Search for a FFUFHASH payload from ffuf history -sf Stop when > 95% of responses return 403 Forbidden (default: false) -t Number of concurrent threads. (default: 40) -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false) MATCHER OPTIONS: -mc Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403,405,500) -ml Match amount of lines in response -mmode Matcher set operator. Either of: and, or (default: or) -mr Match regexp -ms Match HTTP response size -mt Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or 100 or ' -fr "error" Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored. ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c More information and examples: https://github.com/ffuf/ffuf