FFuF — An Interesting Open-Source Web Fuzzing Tool

We will learn how to use ffuf, which stands for “Fuzz Faster U Fool”, an interesting open-source web fuzzing tool.

Because we’re using Kali Linux, we can easily get ffuf by using a simple command.

Setup

Install ffuf in Kali Linux

After installing, run the help command to check the available arguments.

To run a simple directory attack, use this command:

ffuf -u http://testphp.vulnweb.com/FUZZ/ -w wordlist.txt

If you want to fuzz with multiple wordlists, give each wordlist its own keyword and use this command:

ffuf -u http://testphp.vulnweb.com/W2/W1/ -w /usr/share/wordlists/dirb/common.txt:W1 -w /usr/share/wordlists/dirbuster/directory-list-1.0.txt:W2

To find extensions for a particular file, you can use this command:

ffuf -u https://testphp.vulnweb.com/pictures/FUZZ/ -w /usr/share/seclists/Fuzzing/extensions-most-common.fuzz.txt -e .php

If you want to find out whether a directory is live or not, you can also determine it from the HTTP status code.

Match HTTP codes: 100, 200, 300, 400, 500

  • 1xx informational response – the request was received, continuing process
  • 2xx successful – the request was successfully received, understood, and accepted
  • 3xx redirection – further action needs to be taken in order to complete the request
  • 4xx client error – the request contains bad syntax or cannot be fulfilled
  • 5xx server error – the server failed to fulfill an apparently valid request

Example: to match only responses with the successful code 200, use this command:

ffuf -u http://testphp.vulnweb.com/userinfo.php/FUZZ/ -w wordlist.txt -mc 200
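
Seen from the server side, the scans above show up as one client producing mostly 404 responses. The following added example (not part of the original article) groups access-log lines by client and status class and flags that pattern. The log lines, the thresholds 5 and 60, and the function names are constructed for illustration, and it assumes ffuf sends a default User-Agent containing "Fuzz Faster U Fool", which a user can override.

```sh
# Added example: per-client status-class summary over a web access log.
# Constructed sample log (combined log format); every value is made up.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /backup/ HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /images/ HTTP/1.1" 200 377 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /config/ HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /test/ HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
198.51.100.20 - - [10/Oct/2024:14:02:10 +0000] "GET /.git/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2024:14:02:10 +0000] "GET /old/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2024:14:02:11 +0000] "GET /private/ HTTP/1.1" 403 162 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2024:14:02:11 +0000] "GET /tmp/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Oct/2024:14:02:11 +0000] "GET /dev/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.44 - - [10/Oct/2024:14:10:00 +0000] "GET /index.php HTTP/1.1" 200 4958 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [10/Oct/2024:14:10:05 +0000] "GET /artists.php HTTP/1.1" 200 5328 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [10/Oct/2024:14:10:06 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [10/Oct/2024:14:10:30 +0000] "GET /login.php HTTP/1.1" 200 5523 "-" "Mozilla/5.0 (Windows NT 10.0)"
EOF
}

# classify_clients MIN_REQUESTS MIN_404_PERCENT
# Reads log lines on stdin, prints "ip total 2xx 3xx 4xx 5xx verdict" per client.
classify_clients() {
  awk -F'"' -v min="$1" -v pct="$2" '
    {
      split($1, pre, " ");  ip = pre[1]        # client address before the request
      split($3, post, " "); status = post[1]   # status code after the request
      total[ip]++
      count[ip, substr(status, 1, 1)]++        # bucket by class: 2xx, 3xx, 4xx, 5xx
      if (status == "404") notfound[ip]++
      # Assumption: default ffuf User-Agent carries the tool name.
      if (index($6, "Fuzz Faster U Fool")) ua[ip] = 1
    }
    END {
      for (ip in total) {
        verdict = "ok"
        if (total[ip] >= min && 100 * notfound[ip] / total[ip] >= pct)
          verdict = "fuzzing-suspected"
        if (ua[ip])
          verdict = (verdict == "ok") ? "ffuf-user-agent" : (verdict "+ffuf-user-agent")
        printf "%s %d %d %d %d %d %s\n", ip, total[ip], count[ip, "2"],
               count[ip, "3"], count[ip, "4"], count[ip, "5"], verdict
      }
    }' | sort
}

sample_log | classify_clients 5 60
```

The 404 ratio is the signal that survives a changed User-Agent, which is why the second client is still flagged.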

How News4Hackers Can Help?

News4Hackers is a global news agency dedicated to providing fascinating and useful articles on topics linked to cybersecurity.  Furthermore, News4Hackers is committed to delivering timely information regarding the latest advancements, methodologies, technologies, and cyber risks that aim to undermine global organizations.  In order to ensure that you are promptly informed about the latest technological advancements, our news organizers carefully monitor the industry on a regular basis.

In addition, it is crucial to emphasize that Craw Security has established a cooperation with News4Hackers, a highly reputable institution that specializes in cybersecurity. This collaboration aims to offer in-depth analysis and viewpoints on several important countries, including India.  If you would like more information about their highly effective cybersecurity training courses or any other related topic, please feel free to contact them at the hotline mobile number +91-9513805401.
