
ffuf is a must-have tool for ethical hackers and bug bounty hunters. As the name suggests, in this blog we are going to see the installation and usage of ffuf in our terminal, so without any further ado let's hack.
Installation
If you want, you can visit this YouTube video for the steps in Hindi, and in English.
First of all, go to the official page of ffuf on GitHub and copy the git URL, or copy https://github.com/ffuf/ffuf.git. Now move to your terminal.
ffuf@tool:~$ git clone https://github.com/ffuf/ffuf.git
Cloning into 'ffuf'...
remote: Enumerating objects: 1792, done.
remote: Counting objects: 100% (558/558), done.
remote: Compressing objects: 100% (264/264), done.
remote: Total 1792 (delta 353), reused 477 (delta 294), pack-reused 1234
Receiving objects: 100% (1792/1792), 715.91 KiB | 1.16 MiB/s, done.
Resolving deltas: 100% (1165/1165), done.
So far we have successfully cloned the ffuf repository from GitHub. Go to the ffuf directory and start installing ffuf, but before that make sure you have go installed on your system.
ffuf@tool:~$ cd ffuf
ffuf@tool:/ffuf~$ go get
ffuf@tool:/ffuf~$ go build
cd ffuf will move you to the ffuf directory
go get will fetch the Go dependencies that ffuf needs
go build will finally build the ffuf binary so it is usable
Finally ffuf is installed on your system. Type ffuf in your terminal to see whether it's installed successfully or not.
ffuf@tool:/ffuf~$ ffuf
Encountered error(s): 2 errors occurred.
* -u flag or -request flag is required
* Either -w or --input-cmd flag is required

Fuzz Faster U Fool - v1.5.0 Kali Exclusive <3

HTTP OPTIONS:
-H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
-X HTTP method to use
-b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality.
-d POST data
-http2 Use HTTP2 protocol (default: false)
-ignore-body Do not fetch the response content. (default: false)
-r Follow redirects (default: false)
-recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
-recursion-depth Maximum recursion depth. (default: 0)
-recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default)
-replay-proxy Replay matched requests using this proxy.
-sni Target TLS SNI, does not support FUZZ keyword
-timeout HTTP request timeout in seconds. (default: 10)
-u Target URL
-x Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
...
...
Here is the most basic syntax for using ffuf
ffuf -w wordlist.txt -u https://website.com/FUZZ
-w is used to specify the wordlist you are going to use
-u specifies the URL you will be fuzzing
FUZZ is the position where all the payloads will be tried
Usage
Now we are going to use ffuf on http://hackycorp.com/ which is a free website to test our hacking skills.
ffuf@tool:/ffuf~$ ffuf -w dicc.txt -u https://hackycorp.com/FUZZ
The wordlist dicc.txt can be found here
Now the results are
ffuf@tool:/ffuf~$ ffuf -w dicc.txt -u https://hackycorp.com/FUZZ
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.5.0 Kali Exclusive <3
________________________________________________
:: Method : GET
:: URL : https://hackycorp.com/FUZZ
:: Wordlist : FUZZ: /home/ffuf/dicc.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
.well-known/security.txt [Status: 200, Size: 156, Words: 24, Lines: 4, Duration: 204ms]
admin [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
images [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
index.html [Status: 200, Size: 16011, Words: 5888, Lines: 278, Duration: 205ms]
robots.txt [Status: 200, Size: 121, Words: 14, Lines: 7, Duration: 218ms]
startpage [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 216ms]
:: Progress: [4713/4713] :: Job [1/1] :: 192 req/sec :: Duration: [0:00:29] :: Errors: 0 ::
As you can see in the results we have the directories
.well-known/security.txt
admin
images
index.html
robots.txt
startpage
If you only want results with a 200 status code, then use the following
ffuf -w dicc.txt -u https://hackycorp.com/FUZZ -mc 200
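The same status filter can be applied to output you have already saved. The script below is an added example (not part of the original post or of ffuf itself) that parses the result lines from the run above, keeps the 200 responses, and groups paths whose status, size, words and lines are identical; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Result lines copied from the ffuf run shown on this page (progress line included).
SAMPLE_OUTPUT = """\
.well-known/security.txt [Status: 200, Size: 156, Words: 24, Lines: 4, Duration: 204ms]
admin [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
images [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
index.html [Status: 200, Size: 16011, Words: 5888, Lines: 278, Duration: 205ms]
robots.txt [Status: 200, Size: 121, Words: 14, Lines: 7, Duration: 218ms]
startpage [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 216ms]
:: Progress: [4713/4713] :: Job [1/1] :: 192 req/sec :: Duration: [0:00:29] :: Errors: 0 ::
"""

# One result line: "<path> [Status: N, Size: N, Words: N, Lines: N, Duration: Nms]".
# Duration is treated as optional so lines without it still parse.
RESULT_RE = re.compile(
    r"^(?P<path>\S.*?)\s+\[Status: (?P<status>\d{3}), Size: (?P<size>\d+), "
    r"Words: (?P<words>\d+), Lines: (?P<lines>\d+)(?:, Duration: \d+ms)?\]$"
)
FIELDS = ("status", "size", "words", "lines")

def parse_results(text):
    """Return one dict per result line; banner and progress lines are skipped."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append({"path": m["path"], **{f: int(m[f]) for f in FIELDS}})
    return results

def match_codes(results, codes):
    """Keep only results whose status is in `codes`, like -mc does at scan time."""
    return [r["path"] for r in results if r["status"] in codes]

def same_response_groups(results, min_size=2):
    """Group paths whose status, size, words and lines are all identical."""
    groups = defaultdict(list)
    for r in results:
        groups[tuple(r[f] for f in FIELDS)].append(r["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_size}

if __name__ == "__main__":
    rows = parse_results(SAMPLE_OUTPUT)
    print("200 only:", match_codes(rows, {200}))
    for key, paths in same_response_groups(rows).items():
        print("identical response", dict(zip(FIELDS, key)), "->", paths)
```

In the sample, admin, images and startpage share the same 301 fingerprint, so those three most likely returned the same redirect body and only the path itself is informative.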
That's all for the first writeup about ffuf, in which we have learned about simple installation of ffuf and some basic usage. In the next part we will see some more usage of it, and in the final part we will see the advanced usage of ffuf and use it in the most comprehensive way. Until then, stay tuned.
Let’s get connected
Twitter: proton_sec
GitHub: proton-sec
LinkedIn: protonsec

Thanks for Reading!!!