Ffuf on slightlymorehttps://slightlymore.co.uk/tags/ffuf/Recent content in Ffuf on slightlymoreHugoen-GB<a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license">CC BY 4.0</a> by Clinton MontagueSun, 28 Dec 2025 12:06:50 +0000Fuzzing toolshttps://slightlymore.co.uk/fuzzing-tools/Sat, 27 Dec 2025 00:00:00 +0000https://slightlymore.co.uk/fuzzing-tools/<h2 id="some-example-ffuf-commands">Some example <code>ffuf</code> commands</h2> <p>In each case, <code>FUZZ</code> is the placeholder for word replacement.**</p> <h3 id="fuzzing-for-specific-extensions">Fuzzing for specific extensions</h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ffuf <span class="se">\ </span></span></span><span class="line"><span class="cl"> -w /usr/share/seclists/Discovery/Web-Content/common.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"> -u http://example.com/target_dir/FUZZ </span></span><span class="line"><span class="cl"> -e .txt,.html,.bak <span class="c1"># etc </span> </span></span></code></pre></div><h3 id="recursive-fuzzing">Recursive fuzzing</h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ffuf <span class="se">\ </span></span></span><span class="line"><span class="cl"> -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"> -u http://example.com/target_dir/FUZZ <span class="se">\ </span></span></span><span class="line"><span class="cl"> -recursion </span></span></code></pre></div><h3 id="fuzzing-a-post-parameter">Fuzzing a <code>POST</code> parameter</h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ffuf <span class="se">\ </span></span></span><span class="line"><span class="cl"> -w /usr/share/seclists/Discovery/Web-Content/common.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"> -u http://example.com/example.php <span class="se">\ </span></span></span><span class="line"><span class="cl"> -X POST <span class="se">\ </span></span></span><span class="line"><span class="cl"> -H <span class="s2">&#34;Content-Type: application/x-www-form-urlencoded&#34;</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> -d <span class="s2">&#34;y=FUZZ&#34;</span> </span></span><span class="line"><span class="cl"> -ic </span></span></code></pre></div><h3 id="fuzzing-a-get-parameter">Fuzzing a <code>GET</code> parameter</h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ffuf <span class="se">\ </span></span></span><span class="line"><span class="cl"> -w /usr/share/seclists/Discovery/Web-Content/common.txt <span class="se">\ </span></span></span><span class="line"><span class="cl"> -u http://example.com/example.php?x<span class="o">=</span>FUZZ <span class="se">\ </span></span></span><span class="line"><span class="cl"> -ic </span></span></code></pre></div><h2 id="references">References</h2> <ul> <li><a href="https://slightlymore.co.uk/brute-forcing-subdomain-enumeration">Brute forcing subdomain enumeration 🌿</a> </li> </ul>