ffuf – Fast Web Fuzzer Linux Tool Written in Go
Fuzzing is the automated process of feeding random input to an application to look for errors or unexpected behavior. Discovering hidden directories and files on a web server can also be categorized as fuzzing. Performing this process manually could take dozens of months, so automation is the best approach. FFUF is an automated fuzzing tool written in Golang, and it is the fastest fuzzer tool available today. Its key features include switching the request method from GET to POST and vice versa, and it can also fuzz virtual hosts (vhosts) using various wordlists. FFUF is open source and free to use.
Note: Ffuf is written in Golang, so you need a Golang environment on your system. To set one up, see Installation of Go Lang in Linux.
Installation of Ffuf Tool on Kali Linux OS
Step 1: If you have installed Golang on your system, verify the installation by checking the Golang version with the following command.
Step 2: Get the Ffuf tool from its GitHub repository with the following command.
sudo GO111MODULE=on go get -u github.com/ffuf/ffuf
Step 3: Check the version of the Ffuf tool using the following command.
Step 4: Check the help menu to get a better understanding of the Ffuf tool with the following command.
When ffuf starts, it first checks whether its default configuration file exists. On Linux the file is ~/.ffufrc, that is $HOME/.ffufrc (for example /home/gaurav/.ffufrc). On Windows the path can vary, but it is usually %USERPROFILE%\.ffufrc. Options given on the command line override the ones loaded from the ~/.ffufrc file. If you wish to keep several configuration files for different scenarios, you can select one with the -config flag, which takes the path to the configuration file as its parameter.
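A per-scenario configuration file of the kind described above, as an added example that is not from the original article or the ffuf project. The file name, header value and output file name are constructed, and the section and key names are assumed to match the ffufrc.example file in the ffuf repository, so check them against your installed version.

```toml
# scoped-scan.ffufrc (hypothetical file name)
# Load it explicitly instead of relying on ~/.ffufrc:
#   ffuf -config ./scoped-scan.ffufrc -w <wordlist> -u <in-scope URL>/FUZZ
# A flag given on the command line overrides the value set here,
# e.g. adding -maxtime 120 replaces the maxtime = 60 below.

[http]
    # Constructed header value, so the site's operators can attribute
    # the traffic to an agreed assessment when they see it in their logs.
    headers = [
        "X-Assessment-Id: constructed-example-0001"
    ]
    timeout = 10            # per-request timeout in seconds

[general]
    threads = 10            # fewer concurrent workers than the default of 40
    rate = 50               # upper bound on requests per second
    maxtime = 60            # same effect as -maxtime 60: stop the whole run after 60 s

[filter]
    size = "4242"           # same effect as -fs 4242: hide responses of this size

[output]
    outputfile = "scoped-scan.json"   # constructed file name
    outputformat = "json"
```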
Working with Ffuf Tool on Kali Linux OS
Example 1: Typical directory discovery
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://geeksforgeeks.org/FUZZ
In this example, we are fuzzing the directories of the geeksforgeeks.org target domain.
Example 2: Virtual host discovery (without DNS records)
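ffuf -w /usr/share/wordlists/vhost.txt -u https://geeksforgeeks.org -H "Host: FUZZ" -fs 4242
In this example, we are fuzzing the Host header to discover virtual hosts. The -fs flag filters by response size: assuming the default virtual host response is 4242 bytes, -fs 4242 hides every response of that size so that only differing responses are shown.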
Example 3: GET parameter fuzzing
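ffuf -w /usr/share/wordlists/parameters.txt -u "http://testphp.vulnweb.com/search.php?FUZZ=test_value" -fs 4242
In this example, we are fuzzing GET parameter names: the FUZZ keyword takes the place of the parameter name in the query string, and -fs 4242 filters out responses of size 4242. The URL is quoted so that the shell does not treat the ? as a glob character.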
Example 4: Maximum execution time
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://geeksforgeeks.org/FUZZ -maxtime 60
In this example, we are limiting the maximum execution time of the run. The -maxtime flag takes that limit in seconds (60 here).
Example 5: POST Data Fuzzing
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -X POST -d "username=admin\&password=FUZZ" -u https://testphp.vulnweb.com/login.php -fc 401
In this example, we are using the POST method to fuzz the password field of the request body. Responses with status code 401 are filtered out with the -fc flag.
Example 6: Using an external mutator to produce test cases
ffuf --input-cmd 'radamsa --seed $FFUF_NUM example1.txt example2.txt' -H "Content-Type: application/json" -X POST -u https://testphp.vulnweb.com/ -mc all -fc 400
In this example, we'll fuzz JSON data that's sent over POST. Radamsa is used as the mutator.