doc(ffuf): add newbie-friendly examples

ffuf/README.md

@@ -25,36 +25,94 @@ install:
 
 [![ffuf mascot](https://github.com/ffuf/ffuf/blob/v2.1.0/_img/ffuf_run_logo_600.png?raw=true)](https://github.com/ffuf/ffuf)
 
-### To run ffuf:
+Rotate through wordlists to discover and report exposed URLs, domains, etc.
 
 ```sh
-ffuf -w /path/to/wordlist -u https://target/FUZZ
+# fuff -w <list>[:VAR] -u 'https://<target>/<VAR>'
+fuff -w ./fuzz-Bo0oM.txt -u 'https://ffuf.io.fi/FUZZ
 ```
 
-### Content Discovery with ffuf
+```sh
+fuff \
+    -w ./fuzz-Bo0oM.txt:'FUZZ_PATH' \
+    -w ./subdomains-top1million-5000.txt:'FUZZ_SUB' \
+    -u  'https://FUZZ_SUB.ffuf.io.fi/FUZZ_PATH'
+```
+
+### How to get ffuf wordlists
+
+| Download                                 | &emsp; Source                          | &emsp; Desc                |
+| ---------------------------------------- | -------------------------------------- | -------------------------- |
+| [onelistforallmicro.txt][4allu]          | &emsp; [OneListForAll][4all]           | &emsp; Words, Paths, Files |
+| [fuzz-Bo0oM.txt][boom]                   | &emsp; [SecLists/Fuzzing][fuzz]        | &emsp; Words, Paths, Files |
+| [subdomains-top1million-5000.txt][sub5k] | &emsp; [SecLists/.../DNS][dns]         | &emsp; Common Subdomains   |
+| [burp-parameter-names.txt][params]       | &emsp; [SecLists/.../Web-Content][web] | &emsp; HTTP Query Params   |
+| [urls-wordpress-3.3.1.txt][wp3]          | &emsp; [SecLists/.../URLs][urls]       | &emsp; WordPress v3 Paths  |
+
+<!-- Browse Categories -->
+
+[4all]: https://github.com/six2dez/OneListForAll/
+[dns]: https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/
+[fuzz]: https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/
+[web]:
+  https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/
+[seclist]: https://github.com/danielmiessler/SecLists/
+[urls]:
+  https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/URLs/
+
+<!-- Download Lists -->
+
+[4allu]:
+  https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt
+[boom]:
+  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt
+[params]:
+  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/burp-parameter-names.txt
+[sub5k]:
+  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt
+[wp3]:
+  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/URLs/urls-wordpress-3.3.1.txt
+
+<br>
+
+These were pulled from the resources mentioned in
+[ffuf wiki: Wordlistt Resources](https://github.com/ffuf/ffuf/wiki#wordlist-resources):
+
+- [six2dez/OneListForAll][4all]
+- [danielmiessler/SecLists][seclist]
+
+### How to Discover Exposed Content
 
 For typical directory discovery:
 
 ```sh
-ffuf -w /path/to/wordlist -u https://target/FUZZ
+ffuf -w ./onelistforallmicro.txt:'FUZZ' -u https://example.com/FUZZ
 ```
 
-### Virtual Host Discovery (without DNS records)
+### How to check for Domain Fronting (VHost Discovery)
 
 Assuming a default virtualhost response size:
 
 ```sh
-ffuf -w /path/to/vhost/wordlist -u https://target -H "Host: FUZZ" -fs 4242
+ffuf \
+    -w ./subdomains-top1million-5000.txt:'SUB' \
+    -u https://example.com \
+    -H "Host: SUB.example.com" \
+    -fs 4242
 ```
 
-### GET Parameter Fuzzing
+### How to Fuzz GET Parameters
 
 For fuzzing GET parameter names:
 
 ```sh
-ffuf -w /path/to/paramnames.txt -u https://target/script.php?FUZZ=test_value -fs 4242
+ffuf \
+    -w ./burp-parameter-names.txt:'KEY' \
+    -u https://example.com/script.php?KEY=test_value \
+    -fs 4242
 ```
 
-And many other functionalities. Visit
-[ffuf's official documentation](https://github.com/ffuf/ffuf/wiki) for a
-comprehensive guide.
+### More Resources
+
+See [ffuf wiki](https://github.com/ffuf/ffuf/wiki):
+<https://github.com/ffuf/ffuf/wiki>.