FFUF Beginner Part One

4 min readOct 3, 2022


ffuf intermediate level part two hacking tool
ffuf beginner level part one hacking tool

fuff is a must have tool for Ethical Hackers and Bug Bounty Hunters. As the name suggest in this blog we are going to see the installation and usage of ffuf in our terminal so without any further do let’s hack.


If you want you can visit this youtube video for steps in Hindi

And in English

First of all go to the official page of ffuf on github and copy the git url or copy https://github.com/ffuf/ffuf.git . Now move the your terminal

ffuf@tool:~$ git clone https://github.com/ffuf/ffuf.git
Cloning into 'ffuf'...
remote: Enumerating objects: 1792, done.
remote: Counting objects: 100% (558/558), done.
remote: Compressing objects: 100% (264/264), done.
remote: Total 1792 (delta 353), reused 477 (delta 294), pack-reused 1234
Receiving objects: 100% (1792/1792), 715.91 KiB | 1.16 MiB/s, done.
Resolving deltas: 100% (1165/1165), done.

So far we have successfully clone the ffuf git from the github. Go to the ffuf directory and start installing ffuf but before that make sure you have go installed in your system.

ffuf@tool:~$ cd ffuf
ffuf@tool:/ffuf~$ go get
ffuf@tool:/ffuf~$ go build

cd ffuf will move you to ffuf directory

go get will initialise installing ffuf

go build will finally build the ffuf to be usable

Finally ffuf is installed in your system. Type ffuf in your terminal to see whether it’s installed successfully or not.

ffuf@tool:/ffuf~$ ffuf
Encountered error(s): 2 errors occurred.
* -u flag or -request flag is required
* Either -w or --input-cmd flag is required
Fuzz Faster U Fool - v1.5.0 Kali Exclusive <3HTTP OPTIONS:
-H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
-X HTTP method to use
-b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality.
-d POST data
-http2 Use HTTP2 protocol (default: false)
-ignore-body Do not fetch the response content. (default: false)
-r Follow redirects (default: false)
-recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
-recursion-depth Maximum recursion depth. (default: 0)
-recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default)
-replay-proxy Replay matched requests using this proxy.
-sni Target TLS SNI, does not support FUZZ keyword
-timeout HTTP request timeout in seconds. (default: 10)
-u Target URL
-x Proxy URL (SOCKS5 or HTTP). For example: or socks5://

Here is the most basic syntax for using ffuf

ffuf -w wordlist.txt -u https://website.com/FUZZ

-w is used to specify wordlist you are going to use

-u specifies the url you will be fuzzing

FUZZ is the position where all the payloads will be tried


Now we are going to use ffuf on http://hackycorp.com/ which is a free website to test our hacking skills.

ffuf@tool:/ffuf~$ ffuf -w dicc.txt -u https://hackycorp.com/FUZZ

The wordlist dicc.txt can be found here

Now the results are

ffuf@tool:/ffuf~$ ffuf -w dicc.txt -u https://hackycorp.com/FUZZ

/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.5.0 Kali Exclusive <3
:: Method : GET
:: URL : https://hackycorp.com/FUZZ
:: Wordlist : FUZZ: /home/ffuf/dicc.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
.well-known/security.txt [Status: 200, Size: 156, Words: 24, Lines: 4, Duration: 204ms]
admin [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
images [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 204ms]
index.html [Status: 200, Size: 16011, Words: 5888, Lines: 278, Duration: 205ms]
robots.txt [Status: 200, Size: 121, Words: 14, Lines: 7, Duration: 218ms]
startpage [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 216ms]
:: Progress: [4713/4713] :: Job [1/1] :: 192 req/sec :: Duration: [0:00:29] :: Errors: 0 ::

As you can see in the results we have the directories


If you only want results with 200 status code the use the following

ffuf -w dicc.txt -u https://hackycorp.com/FUZZ -mc 200

That’s all for the first writeup about ffuf in which we have learned about simple installation of ffuf and some basic usage in the next part we will see some more usage of it and in the final part we will see the advanced usage of ffuf and use it in most comprehensive way until then stay tuned.

Let’s get connected

Twitter: proton_sec
GitHub: proton-sec
LinkedIn: protonsec

If you want to appreciate and support my work here you go…

Thanks for Reading!!!