ffuf/wfuzz
sudo ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.207.90
sudo ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.207.90 -fs 2395
Set the -fs value to the size of the error response so that those responses are filtered out.
Check whether a result comes back with a size, which means the page has content.
ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/seclists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.18.15/customers/login -fc 200
ffuf -w passwords.txt:FUZZ -u https://0abf00b50407080a830c0211000700b6.web-security-academy.net/login -X POST -d 'username=al&password=FUZZ' -H "Content-Type: application/x-www-form-urlencoded"
-fc: filter out responses by status code
ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -u http://94.237.62.149:55270/FUZZ
ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -u http://94.237.62.149:55270/blog/FUZZ.php
Brute-forcing with the .php extension
-s: silent mode
ffuf -u http://archive.academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions-big.txt
ffuf -u http://83.136.254.223:37645/forum/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -recursion -recursion-depth 1 -e .php -v
ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -u http://academy.htb:36035/ -H 'Host: FUZZ.academy.htb' -fs 986
ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -u 'http://admin.academy.htb:36035/admin/admin.php?FUZZ=key' -fs 798
ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -u http://admin.academy.htb:36035/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs 798
ffuf -w ids.txt -u http://admin.academy.htb:36035/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs 768
ffuf -u http://academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions.txt
htb - attacking web with ffuf
# First save the Burp Suite request that has "username=sadf&password=asdasd"
# Right-click the request, then choose "Copy to file"
# After that, change "password=asdasd" to "password=FUZZ"
# -fs 1814 filters out responses whose size is 1814
ffuf -request req.txt -request-proto http -w /usr/share/wordlists/seclists/Passwords/xato-net-10-million-passwords-10000.txt -fs 1814
# -mr "admin" matches responses that contain the word admin as it iterates
# The URL is quoted so the shell does not treat "?" as a glob character
ffuf -u 'http://localhost/labs/e0x02.php?account=FUZZ' -w number1000-2000.txt -mr "admin"