# ffuf

{% code overflow="wrap" %}

```
# Directory brute force: FUZZ in the URL is replaced with each line of the wordlist
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt:FUZZ -u http://10.0.0.10:80/FUZZ
```

{% endcode %}

{% code overflow="wrap" %}

```
# First save the Burp Suite request that has "username=sadf&password=asdasd"
# Right click the request, then "Copy to file" (saved here as req.txt)
# Then change "password=asdasd" to "password=FUZZ"

# -fs 1814 filters out every response whose size is 1814 bytes (the failed-login page)
ffuf -request req.txt -request-proto http -w /usr/share/wordlists/seclists/SecLists-master/Passwords/xato-net-10-million-passwords-10000.txt -fs 1814
```

{% endcode %}

{% code overflow="wrap" %}

```
# First save the Burp Suite request that has "username=asd&password=asdasd"
# Right click the request, then "Copy to file" (saved here as req.txt)
# Then change "password=asdasd" to "password=FUZZPASS" and "username=asd" to "username=FUZZUSER"

# -mode clusterbomb tries every username against every password
# -fs 3256,3376 filters out responses of size 3256 or 3376 bytes (the failed-login pages)
ffuf -request req.txt -request-proto http -mode clusterbomb -w /usr/share/wordlists/seclists/SecLists-master/Usernames/top-usernames-shortlist.txt:FUZZUSER -w pass.txt:FUZZPASS -fs 3256,3376
```

{% endcode %}

{% code overflow="wrap" %}

```
# -mr (match regexp) only reports responses whose body matches the regex,
# here the ones containing the word "admin", as FUZZ iterates over the account numbers
# The URL is quoted so the shell does not try to expand the "?"
ffuf -u "http://localhost/labs/e0x02.php?account=FUZZ" -w number1000-2000.txt -mr "admin"
```

{% endcode %}
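The three options used above (`-fs`, `-mr`) and the word-count filter `-fw` all decide, per response, whether ffuf prints the payload. The following Python is an added example, not code from these notes or from the ffuf project; it re-implements that decision over constructed sample responses so you can see why a size filter works for the login fuzz but a word-count filter would not, and the reverse for an error page that echoes the payload. Function names, the sample bodies and the `baseline()` calibration helper are all assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample responses (payload, status, body); bodies are made up for this example.
LOGIN_FAIL = "<html><body><p>Login failed: wrong password for user sadf.</p></body></html>"
LOGIN_OK = "<html><body><p>Welcome back, admin. Redirecting to the dashboard.</p></body></html>"
LOGIN_RESPONSES = [
    ("123456", 200, LOGIN_FAIL),
    ("password", 200, LOGIN_FAIL),
    ("letmein", 302, LOGIN_OK),  # the one guess that succeeded
    ("qwerty", 200, LOGIN_FAIL),
]


def lfi_error(payload):
    # Constructed error page that echoes the payload, so its size changes with every guess
    return f"<p>Error: could not open {payload}</p>"


LFI_HIT = "<pre>root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin</pre>"
LFI_RESPONSES = [
    ("../etc/passwd", 200, lfi_error("../etc/passwd")),
    ("../../etc/passwd", 200, lfi_error("../../etc/passwd")),
    ("../../../etc/passwd", 200, LFI_HIT),
    ("/etc/shadow", 200, lfi_error("/etc/shadow")),
]


def response_size(body):
    """What -fs / -ms compare: the body length in bytes."""
    return len(body.encode())


def word_count(body):
    """What -fw / -mw compare: whitespace-separated tokens (approximates ffuf's count)."""
    return len(body.split())


def keep_response(body, filter_sizes=(), filter_words=(), match_regex=None):
    """Apply the rules the way ffuf does: any -f* match drops the response,
    and when -mr is given the regex must be found in the body for it to be kept."""
    if response_size(body) in filter_sizes:
        return False
    if word_count(body) in filter_words:
        return False
    if match_regex is not None and re.search(match_regex, body) is None:
        return False
    return True


def fuzz_filter(responses, **opts):
    """Return the payloads ffuf would print under the given filter options."""
    return [payload for payload, _status, body in responses if keep_response(body, **opts)]


def baseline(responses):
    """Most common (size, count) and (words, count) across a batch of responses:
    the 'miss' page that -fs / -fw should drop, the same idea as ffuf's -ac auto-calibration."""
    sizes = Counter(response_size(b) for _, _, b in responses)
    words = Counter(word_count(b) for _, _, b in responses)
    return sizes.most_common(1)[0], words.most_common(1)[0]


if __name__ == "__main__":
    print("login baseline:", baseline(LOGIN_RESPONSES))                              # ((76, 3), (7, 4))
    print("login -fs 76  :", fuzz_filter(LOGIN_RESPONSES, filter_sizes=(76,)))       # ['letmein']
    print("login -fw 7   :", fuzz_filter(LOGIN_RESPONSES, filter_words=(7,)))        # [] (success page also has 7 words)
    print("login -mr admin:", fuzz_filter(LOGIN_RESPONSES, match_regex="admin"))     # ['letmein']
    print("lfi -fw 5     :", fuzz_filter(LFI_RESPONSES, filter_words=(5,)))          # ['../../../etc/passwd']
```

The two sample sets show the caveat behind choosing a filter: the login failure page has a fixed size, so `-fs` isolates the one success, but both pages happen to have seven words, so `-fw 7` would silently drop the hit. The echoing error page is the opposite case, its size varies with every payload while its word count stays at five, which is why a word-count filter is the right choice there. `baseline()` is the calibration step: fire a handful of guesses first, take the dominant size or word count, and filter on that, then re-check whenever the filter suddenly drops everything.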

{% code overflow="wrap" %}

```
# First put FUZZ in the parameter you want to test,
# e.g. /labs/api/fetchRecipe.php?filename=FUZZ
# This request is saved in req.txt
# -fw 19,20 filters out responses with 19 or 20 words, which is what the error page returns
ffuf -request req.txt -request-proto http -w /usr/share/wordlists/seclists/SecLists-master/Fuzzing/LFI/LFI-Jhaddix.txt -fw 19,20
```

{% endcode %}

{% code overflow="wrap" %}

```
# Brute forces LFI payloads from the wordlist
# -fw drops the responses of payloads that did not work (the error page)
# Look at the word count of a failing payload's response, e.g. 19, and filter it out
# Keep adjusting the filter until only the real hits are left
ffuf -request api-req.txt -request-proto http -w /usr/share/wordlists/seclists/SecLists-master/Fuzzing/LFI/LFI-Jhaddix.txt -fw 19,20
```

{% endcode %}
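Seen from the web server, every run in these notes has the same shape: one source address, a burst of requests to paths or parameters that mostly fail, and a failure page of constant size. The following Python is an added example, not code from these notes or from ffuf, that parses constructed combined-format access log lines and flags those patterns. The thresholds (`window`, `min_requests`, `miss_ratio`) are assumptions to tune per site, the log lines are made up, and the User-Agent check relies on ffuf's default `Fuzz Faster U Fool` string, which a user can trivially replace with `-H`, so it is the weakest of the three signals.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
FFUF_UA_PREFIX = "Fuzz Faster U Fool"  # ffuf's default User-Agent, overridable with -H


def _line(ip, second, method, path, status, size, ua):
    # Build one constructed combined-format log line at 10:00:SS on a fixed date
    return (f'{ip} - - [12/Mar/2024:10:00:{second:02d} +0000] "{method} {path} HTTP/1.1" '
            f'{status} {size} "-" "{ua}"')


BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
# Constructed sample log: one normal visitor, one directory brute force, one password-guessing run
SAMPLE_LOG = (
    [_line("10.0.0.50", s, "GET", p, 200, 5123, BROWSER) for s, p in [(1, "/"), (9, "/about"), (40, "/contact")]]
    + [_line("10.0.0.99", 10 + i, "GET", f"/{w}", 404, 1814, f"{FFUF_UA_PREFIX} v2.1.0")
       for i, w in enumerate(["admin", "backup", "old", "test", "dev", "api",
                              "tmp", "login", "db", "config", "logs", "uploads"])]
    + [_line("10.0.0.77", 20 + 2 * i, "POST", "/login", 200, 1814, BROWSER) for i in range(10)]
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    rec["size"] = None if rec["size"] == "-" else int(rec["size"])
    return rec


def detect(lines, window=60, min_requests=10, miss_ratio=0.8):
    """Return {ip: [reasons]} for sources whose traffic inside any `window`-second
    span looks like fuzzing: mostly 404s, or repeated POSTs to one path that all
    get the same-sized reply (a fixed failure page), plus the default ffuf User-Agent."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        reasons = set()
        if any(r["ua"].startswith(FFUF_UA_PREFIX) for r in recs):
            reasons.add("ffuf default user-agent")
        left = 0
        for right in range(len(recs)):  # sliding window over this source's requests
            while (recs[right]["ts"] - recs[left]["ts"]).total_seconds() > window:
                left += 1
            win = recs[left:right + 1]
            if len(win) < min_requests:
                continue
            misses = sum(1 for r in win if r["status"] == 404)
            if misses / len(win) >= miss_ratio:
                reasons.add("burst of 404s (directory brute force)")
            posts = Counter((r["path"], r["size"]) for r in win if r["method"] == "POST")
            if posts and posts.most_common(1)[0][1] >= min_requests:
                reasons.add("repeated POSTs with identical response size (credential guessing)")
        if reasons:
            findings[ip] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The identical-response-size signal is the mirror image of the `-fs 1814` filter used when fuzzing: the attacker filters that size out to find the one different reply, the defender counts how often one client gets it back. Real logs need the same care as the fuzzer's calibration, since a login form with a tracking token in the page will not return a constant size and the check should then fall back to counting POSTs alone.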
