vim-ale/ffuf
AJ ONeal 23100394ac ref(installerconf): rename config keys and add full URL support
Renames:
- github_repo → github_releases (back-compat kept)
- github_source → github_sources (back-compat kept)
- gitea_repo → gitea_releases (back-compat kept)

New keys:
- gitea_sources, gitlab_releases, gitlab_sources

All keys now accept either owner/repo shorthand or full URLs:
- github_releases = sharkdp/bat
- github_releases = https://github.com/sharkdp/bat
- gitea_releases = https://git.rootprojects.org/root/pathman

Defaults: github → github.com, gitlab → gitlab.com.
Gitea has no default (self-hosted only).

Updated all 73 releases.conf files from github_repo to github_releases.
2026-03-11 11:51:43 -06:00

| title | homepage | tagline |
| --- | --- | --- |
| ffuf | https://github.com/ffuf/ffuf | Fuzz Faster U Fool: A fast web fuzzer written in Go. |

To update or switch versions, run webi ffuf@stable (or @v2, @beta, etc).

Files

These are the files / directories that are created and/or modified with this install:

~/.config/envman/PATH.env
~/.local/bin/ffuf

Cheat Sheet

ffuf is a powerful web fuzzer written in Go. With a range of functionalities and fast performance, it's a must-have tool for penetration testers and security researchers.


Rotate through wordlists to discover and report exposed URLs, domains, etc.

# ffuf -w <list>[:VAR] -u 'https://<target>/<VAR>'
ffuf -w ./fuzz-Bo0oM.txt -u 'https://ffuf.io.fi/FUZZ'
ffuf \
    -w ./fuzz-Bo0oM.txt:'FUZZ_PATH' \
    -w ./subdomains-top1million-5000.txt:'FUZZ_SUB' \
    -u 'https://FUZZ_SUB.ffuf.io.fi/FUZZ_PATH'

How to get ffuf wordlists

| Download | Source | Desc |
| --- | --- | --- |
| onelistforallmicro.txt | OneListForAll | Words, Paths, Files |
| fuzz-Bo0oM.txt | SecLists/Fuzzing | Words, Paths, Files |
| subdomains-top1million-5000.txt | SecLists/.../DNS | Common Subdomains |
| burp-parameter-names.txt | SecLists/.../Web-Content | HTTP Query Params |
| urls-wordpress-3.3.1.txt | SecLists/.../URLs | WordPress v3 Paths |

These were pulled from the resources mentioned in the ffuf wiki: Wordlist Resources.

How to Discover Exposed Content

For typical directory discovery:

ffuf -w ./onelistforallmicro.txt:'FUZZ' -u https://example.com/FUZZ
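
The directory discovery run above as it appears from the server side, as an added example that is not part of the original cheat sheet or the ffuf project: one client requesting many distinct paths that return 404. The log lines are constructed, the threshold is an assumption to tune per site, and the `Fuzz Faster U Fool` match relies on ffuf's default User-Agent, which is client-supplied, so the 404 count is the primary signal.

```sh
#!/bin/sh
# Constructed sample access log (combined log format); not real traffic.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [11/Mar/2026:10:00:01 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:01 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:02 +0000] "GET /admin/ HTTP/1.1" 200 4242 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:02 +0000] "GET /server-status HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
203.0.113.7 - - [11/Mar/2026:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool v2.1.0"
198.51.100.20 - - [11/Mar/2026:10:05:10 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2026:10:05:10 +0000] "GET /wp-login.php?x=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2026:10:05:10 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2026:10:05:11 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2026:10:05:11 +0000] "GET /readme.html HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2026:10:05:11 +0000] "GET /license.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Mar/2026:10:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Mar/2026:10:06:01 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Mar/2026:10:06:05 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# flag_discovery MIN: read a combined-format log on stdin and print
# "ip distinct_404_paths ua_flag" for each client that either missed at
# least MIN distinct paths or sent ffuf's default User-Agent.
flag_discovery() {
    awk -F'"' -v min="$1" '
    {
        # Splitting on double quotes: $2 = request line,
        # $3 = " status size ", $6 = User-Agent.
        split($1, pre, " "); ip = pre[1]
        split($2, req, " "); path = req[2]
        split($3, res, " "); status = res[1]
        sub(/\?.*/, "", path)              # count a path once, whatever its query
        clients[ip] = 1
        if ($6 ~ /^Fuzz Faster U Fool/) ua[ip] = 1
        if (status == 404 && !seen[ip, path]++) misses[ip]++
    }
    END {
        for (ip in clients)
            if (misses[ip] >= min || ua[ip])
                print ip, misses[ip] + 0, (ua[ip] ? "ffuf-ua" : "-")
    }' | sort
}

sample_log | flag_discovery 5
```
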

How to check for Domain Fronting (VHost Discovery)

Assuming the default virtual host returns a response of a known size (4242 bytes here), filter that size out with -fs:

ffuf \
    -w ./subdomains-top1million-5000.txt:'SUB' \
    -u https://example.com \
    -H "Host: SUB.example.com" \
    -fs 4242

How to Fuzz GET Parameters

For fuzzing GET parameter names:

ffuf \
    -w ./burp-parameter-names.txt:'KEY' \
    -u 'https://example.com/script.php?KEY=test_value' \
    -fs 4242

More Resources

See ffuf wiki: https://github.com/ffuf/ffuf/wiki.