diff --git a/ffuf/README.md b/ffuf/README.md index ca4afea..02ee64d 100644 --- a/ffuf/README.md +++ b/ffuf/README.md 
@@ -25,36 +25,94 @@ install: [![ffuf mascot](https://github.com/ffuf/ffuf/blob/v2.1.0/_img/ffuf_run_logo_600.png?raw=true)](https://github.com/ffuf/ffuf) -### To run ffuf: +Rotate through wordlists to discover and report exposed URLs, domains, etc. ```sh -ffuf -w /path/to/wordlist -u https://target/FUZZ +# fuff -w [:VAR] -u 'https:///' +fuff -w ./fuzz-Bo0oM.txt -u 'https://ffuf.io.fi/FUZZ ``` -### Content Discovery with ffuf +```sh +fuff \ + -w ./fuzz-Bo0oM.txt:'FUZZ_PATH' \ + -w ./subdomains-top1million-5000.txt:'FUZZ_SUB' \ + -u 'https://FUZZ_SUB.ffuf.io.fi/FUZZ_PATH' +``` + +### How to get ffuf wordlists + +| Download |   Source |   Desc | +| ---------------------------------------- | -------------------------------------- | -------------------------- | +| [onelistforallmicro.txt][4allu] |   [OneListForAll][4all] |   Words, Paths, Files | +| [fuzz-Bo0oM.txt][boom] |   [SecLists/Fuzzing][fuzz] |   Words, Paths, Files | +| [subdomains-top1million-5000.txt][sub5k] |   [SecLists/.../DNS][dns] |   Common Subdomains | +| [burp-parameter-names.txt][params] |   [SecLists/.../Web-Content][web] |   HTTP Query Params | +| [urls-wordpress-3.3.1.txt][wp3] |   [SecLists/.../URLs][urls] |   WordPress v3 Paths | + + + +[4all]: https://github.com/six2dez/OneListForAll/ +[dns]: https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/ +[fuzz]: https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/ +[web]: + https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/ +[seclist]: https://github.com/danielmiessler/SecLists/ +[urls]: + https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/URLs/ + + + +[4allu]: + https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt +[boom]: + https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt +[params]: + https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/burp-parameter-names.txt 
+[sub5k]: + https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt +[wp3]: + https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/URLs/urls-wordpress-3.3.1.txt + +
+ +These were pulled from the resources mentioned in +[ffuf wiki: Wordlistt Resources](https://github.com/ffuf/ffuf/wiki#wordlist-resources): + +- [six2dez/OneListForAll][4all] +- [danielmiessler/SecLists][seclist] + +### How to Discover Exposed Content For typical directory discovery: ```sh -ffuf -w /path/to/wordlist -u https://target/FUZZ +ffuf -w ./onelistforallmicro.txt:'FUZZ' -u https://example.com/FUZZ ``` -### Virtual Host Discovery (without DNS records) +### How to check for Domain Fronting (VHost Discovery) Assuming a default virtualhost response size: ```sh -ffuf -w /path/to/vhost/wordlist -u https://target -H "Host: FUZZ" -fs 4242 +ffuf \ + -w ./subdomains-top1million-5000.txt:'SUB' \ + -u https://example.com \ + -H "Host: SUB.example.com" \ + -fs 4242 ``` -### GET Parameter Fuzzing +### How to Fuzz GET Parameters For fuzzing GET parameter names: ```sh -ffuf -w /path/to/paramnames.txt -u https://target/script.php?FUZZ=test_value -fs 4242 +ffuf \ + -w ./burp-parameter-names.txt:'KEY' \ + -u https://example.com/script.php?KEY=test_value \ + -fs 4242 ``` -And many other functionalities. Visit -[ffuf's official documentation](https://github.com/ffuf/ffuf/wiki) for a -comprehensive guide. +### More Resources + +See [ffuf wiki](https://github.com/ffuf/ffuf/wiki): +.
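Review bot: The first two added code blocks invoke `fuff` instead of `ffuf` (in the usage comment and in both commands), and the first command's URL, `-u 'https://ffuf.io.fi/FUZZ`, is missing its closing single quote, so neither block runs as pasted. Correct the binary name in all three places and close the quote. The renamed heading "How to check for Domain Fronting (VHost Discovery)" mislabels the section: the command under it varies the `Host` header against a single URL to enumerate virtual hosts, which is not domain fronting, so the original "Virtual Host Discovery (without DNS records)" wording should stay. In the GET parameter example, `-u https://example.com/script.php?KEY=test_value` is unquoted and `?` is a shell glob character (zsh stops with "no matches found"); quote the URL as the first examples do. Smaller points: "Wordlistt Resources" is a typo, the wordlist download links track `master`/`main` while the mascot image is pinned to `v2.1.0` (pinning the raw URLs to a commit would keep the README reproducible), and the examples mix `ffuf.io.fi` and `example.com` as targets where a single placeholder host would be clearer.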