Fuzzing tools

Some example `ffuf` commands#

In each case, FUZZ is the placeholder for word replacement.**

Fuzzing for specific extensions#

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/target_dir/FUZZ 
  -e .txt,.html,.bak # etc

Recursive fuzzing#

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \
  -u http://example.com/target_dir/FUZZ \
  -recursion

Fuzzing a `POST` parameter#

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/example.php \
  -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "y=FUZZ"
  -ic

Fuzzing a `GET` parameter#

ffuf \
  -w /usr/share/seclists/Discovery/Web-Content/common.txt \
  -u http://example.com/example.php?x=FUZZ \
  -ic

References#

Brute forcing subdomain enumeration 🌿

Fuzzing tools

Some example ffuf commands#

Fuzzing for specific extensions#

Recursive fuzzing#

Fuzzing a POST parameter#

Fuzzing a GET parameter#

References#

→ Links to (1)

⇄ Probably related content (3)

Some example `ffuf` commands#

Fuzzing a `POST` parameter#

Fuzzing a `GET` parameter#