vorptopia 👾

ffuf

1 min read

FUZZ FASTER U FOOL its a tool for web enumeration, fuzzing and directory brute forcing

usage:

normal dirbusting:

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.0.2.6/FUZZ
  • -w specifies the wordlist to use
  • -u specifies the url
  • FUZZ specifies where to fuzz from

Subdomain Enumeration:

ffuf -u http://cyprusbank.thm/ -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host:FUZZ.cyprusbank.thm" -fw 1
  • -H specifies a custom header, in this case the Host header
  • -fw 1 filters by the amount of words in response. used it cuz otherwise the server spits out nothing and every subdomain on the wordlist shits out a false positive

Graph View

Backlinks