Linux command

ffuf command

Network

After copying a command, replace the file names, directories, or parameters as needed.

Common examples

Directory fuzzing

ffuf -u [https://target.com/FUZZ] -w [wordlist.txt]

POST parameter fuzzing

ffuf -u [https://target.com/api] -w [wordlist.txt] -X POST -d "param=FUZZ"

Filter by status

ffuf -u [https://target.com/FUZZ] -w [wordlist.txt] -fc [404]

Match response size

ffuf -u [https://target.com/FUZZ] -w [wordlist.txt] -ms [1234]

Multiple wordlists

ffuf -u [https://target.com/FUZZ1/FUZZ2] -w [list1.txt]:FUZZ1 -w [list2.txt]:FUZZ2

Description

ffuf (Fuzz Faster U Fool) is a fast web fuzzer written in Go. It discovers hidden content, parameters, and vulnerabilities by sending requests with wordlist entries substituted at marked positions. The tool excels at content discovery, parameter fuzzing, and virtual host enumeration. Filtering options allow matching or excluding responses by status, size, words, or lines. ffuf's speed and flexibility make it popular for penetration testing and security assessments.
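Seen from the server side, the directory fuzzing described above appears in access logs as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of the original page or the ffuf project: a shell function that flags such clients in a Common Log Format file. The function names, thresholds and sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag clients whose access-log
# footprint matches wordlist-driven path discovery.
# Assumed thresholds: >= 20 distinct paths and >= 90% of responses 404.

# detect_path_fuzzing LOGFILE [MIN_PATHS] [MIN_404_PCT]
# Input: Common/Combined Log Format. Output: "ip distinct_paths pct_404".
detect_path_fuzzing() {
    awk -v min_paths="${2:-20}" -v min_pct="${3:-90}" '
    {
        ip = $1; path = $7; status = $9
        total[ip]++
        if (status == 404) notfound[ip]++
        # Count each path once per client; repeats of one missing file do not add up.
        if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
    }
    END {
        for (ip in total) {
            pct = int(100 * notfound[ip] / total[ip])
            if (distinct[ip] >= min_paths && pct >= min_pct)
                printf "%s %d %d\n", ip, distinct[ip], pct
        }
    }' "$1" | sort
}

# Constructed sample log (documentation IPs, made-up paths); not real traffic.
make_sample_log() {
    i=1
    while [ "$i" -le 30 ]; do
        if [ "$i" -eq 17 ]; then status=200; else status=404; fi
        # Client A: 30 distinct paths, 29 of them 404.
        printf '203.0.113.7 - - [01/Jan/2025:10:00:%02d +0000] "GET /word%d HTTP/1.1" %s 162\n' "$i" "$i" "$status"
        # Client B: a browser missing one asset; 30 x 404 but a single path.
        printf '198.51.100.20 - - [01/Jan/2025:10:00:%02d +0000] "GET /favicon.ico HTTP/1.1" 404 162\n' "$i"
        i=$((i + 1))
    done
    # Client C: ordinary visitor with one stale link.
    printf '192.0.2.44 - - [01/Jan/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 5120\n'
    printf '192.0.2.44 - - [01/Jan/2025:10:01:02 +0000] "GET /old-page HTTP/1.1" 404 162\n'
}

# Demo run on the constructed log.
log=$(mktemp)
make_sample_log > "$log"
detect_path_fuzzing "$log"   # prints: 203.0.113.7 30 96
rm -f "$log"
```

ffuf's filter and match options (`-fc`, `-ms` and the like) only change which responses the tool displays, so the server still logs every request.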

Parameters

-u _URL_
Target URL with FUZZ keyword.
-w _WORDLIST_
Wordlist file.
-X _METHOD_
HTTP method.
-d _DATA_
POST data.
-H _HEADER_
Custom header.
-fc _CODES_
Filter by status code.
-fs _SIZE_
Filter by response size.
-mc _CODES_
Match status codes.
-ms _SIZE_
Match response size.
-t _N_
Number of threads.
--help
Display help information.

FAQ

How do I run a basic ffuf example?

Run `ffuf -u [https://target.com/FUZZ] -w [wordlist.txt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
