ffuf – Fast Web Fuzzer Linux Tool Written in Go

Fuzzing is the automatic process of giving random input to an application to look for any errors or any unexpected behavior. But finding any hidden directories and files on any web server can also be categorized under fuzzing. If we try to perform this process manually then it can take dozens of months to find the directories on the server. So the automation approach is the best for performing fuzzing. FFUF is the automated tool developed in the Golang language which is the fastest fuzzer tool in today’s date. It has various key features of manipulation the method from GET to POST and vice versa. We can use various wordlists for fuzzing the vhost as well. FFUF tool is an open-source and free-to-use tool.

Note: As Ffuf is a Golang language-based tool, so you need to have a Golang environment on your system. So check this link to Install  Golang in your system. – Installation of Go Lang in Linux

Installation of Ffuf Tool on Kali Linux OS

Step 1: If you have downloaded Golang in your system, verify the installation by checking the version of Golang, use the following command.

go version

Step 2: Get the Ffuf repository or clone the Ffuf tool from GitHub, use the following command.

sudo GO111MODULE=on go get -u github.com/ffuf/ffuf

Step 3: Check the version of the Ffuf tool using the following command.

ffuf -V

Step 4: Check the help menu page to get a better understanding of the Ffuf tool, use the following command.

ffuf -h

Configuration files

When the execution of the ffuf tool is started the tool firstly checks its default configuration file exits or not. Mostly the path of the configuration file is at ~/.ffufrc /$HOME/.ffufrc or can be at /home/gaurav/.ffufrc. In Windows OS this path can vary and mostly it can be at %USERPROFILE%\.ffufrc. There are configuration options provided on the terminal that override the ones loaded from the ~/.ffufrc file. For example, If you wish to use a bunch of configuration files for various scenarios, then you can define the configuration file path by using the -config tag which takes the file path to the configuration file as its parameter.

Working with Ffuf Tool on Kali Linux OS

Example 1: Typical directory discovery

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://geeksforgeeks.org/FUZZ

In this example, We are fuzzing the directories of geeksforgeeks.org target domain.

Example 2: Virtual host discovery (without DNS records)

ffuf -w /usr/share/wordlists/vhost.txt -u https://geeksforgeeks.org -H “Host: FUZZ” -fs 4242

In this example, We are filtering out VHOST default port 4242 specified in the -fs tag.

Example 3: GET parameter fuzzing

ffuf -w /usr/share/wordlists/parameters.txt -u http://testphp.vulnweb.com/search.php?FUZZ=test_value -fs 4242

In this example, We are using the GET method for fuzzing the directories.

Example 4: Maximum execution time

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://geeksforgeeks.org/FUZZ -maxtime 60

In this example, We are specifying the maximum request time. We have used -maxtime tag for specifying the time.

Example 4: POST Data Fuzzing

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -X POST -d “username=admin\&password=FUZZ” -u https://testphp.vulnweb.com/login.php -fc 401

In this example, We are using the POST method for fuzzing the directories.

Example 5: Using an external mutator to produce test cases

ffuf –input-cmd ‘radamsa –seed $FFUF_NUM example1.txt example2.txt’ -H “Content-Type: application/json” -X POST -u https://testphp.vulnweb.com/ -mc all -fc 400

In this example, We’ll fuzz JSON data that’s sent over POST. Radamsa s used as the mutator.