FFuF — An Interesting Open-Source Web Fuzzing Tool
We will learn how we can use ffuf, which states for “Fuzz Faster U Fool”, which is an interesting open-source web fuzzing tool.
Because we’re using Kali Linux, we can easily get ffuf by using a simple command.
Install FFuf in Kali Linux
After installing Run the help command to check the arguments
To find the Simple directory attack use this command
Ffuf -u http://testphp.vulnweb/FUZZ/ -w wordlist.txt
If you want to search for multiple wordlists then you can go for this command
ffuf -u http://testphp.vulnweb.com/W2/W1/ -w /usr/share/wordlists/dirb/common.txt:W1 -w /usr/share/wordlists/dirbuster/directory-list-1.0.txt:W2
If you find Extensions fpor a particular file then you can use this command
ffuf -u https://testphp.vulnweb.com/pictures/FUZZ/ -w /usr/share/seclists/Fuzzing/extensions-most-common.fuzz.txt -e .php
If you want to find whether this directory is running or not then you can also find it with the help of the http status code
Match HTTP Code:100,200,300,400,500
- 1xx informational response – the request was received, continuing process
- 2xx successful – the request was successfully received, understood, and accepted
- 3xx redirection – further action needs to be taken in order to complete the request
- 4xx client error – the request contains bad syntax or cannot be fulfilled
- 5xx server error – the server failed to fulfill an apparently valid request
Example: if you want to find successful code 200 then go for this command
ffuf -u http://testphp.vulnweb.com/userinfo.php/FUZZ/ -w wordlist.txt -mc 200
How News4Hackers Can Help?
News4Hackers is a global news agency dedicated to providing fascinating and useful articles on topics linked to cybersecurity. Furthermore, News4Hackers is committed to delivering timely information regarding the latest advancements, methodologies, technologies, and cyber risks that aim to undermine global organizations. In order to ensure that you are promptly informed about the latest technological advancements, our news organizers carefully monitor the industry on a regular basis.
In addition, it is crucial to emphasize that Craw Security has established a cooperation with News4Hackers, a highly reputable institution that specializes in cybersecurity. This collaboration aims to offer in-depth analysis and viewpoints on several important countries, including India. If you would like more information about their highly effective cybersecurity training courses or any other related topic, please feel free to contact them at the hotline mobile number +91-9513805401.
READ MORE ARTICLE HERE