46 lines
1.6 KiB
Markdown
46 lines
1.6 KiB
Markdown
# Fuzz Faster U Fool
|
|
|
|
## Usage
|
|
```sh
|
|
ffuf -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/big.txt
|
|
```
|
|
* Fuzz dirs
|
|
```sh
|
|
ffuf -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt
|
|
```
|
|
* Fuzz files
|
|
```sh
|
|
ffuf -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-words-lowercase.txt -e .php,.txt
|
|
```
|
|
|
|
### Fuzz parameters
|
|
```sh
|
|
ffuf -u 'http://MACHINE_IP/sqli-labs/Less-1/?FUZZ=1' -c -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt -fw 39
|
|
ffuf -u 'http://MACHINE_IP/sqli-labs/Less-1/?FUZZ=1' -c -w /usr/share/seclists/Discovery/Web-Content/raft-medium-words-lowercase.txt -fw 39
|
|
```
|
|
* Fuzz values
|
|
```sh
|
|
seq 0 255 | fuff -u 'http://<IP>/sqli-labs/Less-1/?id=FUZZ -c -w - -fw 33
|
|
```
|
|
* Fuzz Post Methods
|
|
```sh
|
|
ffuf -u http://<IP>/sqli-labs/Less-11/ -c -w /usr/share/seclists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded'
|
|
```
|
|
|
|
### Fuzz Subdomains
|
|
```sh
|
|
ffuf -u http://FUZZ.test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
|
|
```
|
|
or if the subdomains are listed in the target's host file
|
|
```sh
|
|
ffuf -w /usr/share/seclists/Discovery/DNS/namelist.txt -H "Host: FUZZ.test.com" -u http://<target-IP> -fs 0
|
|
```
|
|
* Fuzz Vhosts & Server Blocks
|
|
```sh
|
|
ffuf -u http://FUZZ.test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -fs 0
|
|
ffuf -u http://test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H 'Host: FUZZ.test.com' -fs 0
|
|
```
|
|
|
|
### Proxy
|
|
* `-replay-proxy <IP>` or `-x <ProxyIP>`
|