No video :(

How to Master FFUF for Bug Bounties and Pen Testing

Подписаться 15 тыс.

Просмотров 59 тыс.

50% 1

A detailed guide to FFUF (Fuzz Faster you Fool), a web application fuzzing framework for security researchers.
▬ Written guide ▬▬▬▬▬▬▬▬▬▬▬▬▬
codingo.io/tools/ffuf/bounty/...
▬ Continue the discussion ▬▬▬▬▬▬▬▬
✭ Twitter: / codingo_
✭ Patreon: / codingo
✭ Facebook: / codingo
▬ Table of Contents ▬▬▬▬▬▬▬▬▬▬▬
0:00 Introduction
1:50 What is FFUF?
3:07 Installation
5:10 Upgrading
5:22 Your first scan
6:37 Wordlist basics
7:20 Using Recursion
8:07 Recursion Example
9:21 Extension Checks
11:08 Using Custom Fuzzing Words
11:34 Using Custom Fuzzing Words Example
12:21 Silent Mode and Tee for Output
13:28 Working with HTML Output
14:35 Filters and Matches
16:29 Authentication: Cookies
17:08 Authentication: Headers
17:45 Authentication via Burp Suite
18:58 Using Multiple Fuzzing Locations
20:07 Importing Requests
21:45 Wordlist Modes
22:25 Clusterbomb Mode
22:48 Pitchfork Mode
23:18 Stop on Spurious Errors
23:43 Queue Wide Rate Limiting
24:37 Automatic Calibration Mode
25:28 Replay Proxy (local)
26:27 Replay Proxy (remote)
28:28 Outro
▬ Additional Resources ▬▬▬▬▬▬▬▬▬▬
✭ Building your own wordlists with TomNomNom: • Who, What, Where, When...
✩ How to use ffuf with InsiderPHD: • How to use ffuf - Hack...
✭ HTTP Response codes: developer.mozilla.org/en-US/d...
✩ SecLists: github.com/danielmiessler/Sec...

Опубликовано:

8 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 166

@hakluke 3 года назад

First!

@hakluke 3 года назад

The quality of this video is next level!

@anishakhan9564 3 года назад

coming from your tweet

@CristiVladZ 3 года назад

2nd

@codingo 3 года назад

Haha, a tad slow there Cristi :D

@adityarajsingh9317 3 года назад

Every single minute was worth watching. I feel these are among the best 28 minutes and 56 seconds of my day.

@powarraviraj 3 года назад

Awesome, Burp suite community edition + FFUF = Burp suite Pro features 😍

@STOKfredrik 3 года назад

Awesome!!

@codingo 3 года назад

Thank-you!!

@MikeRaja 2 года назад

When i searched it on youtube i didn't expect anyone had made so much detailed video about it. Thumbs up to you! Thanks for sharing your knowledge.

@codingo 2 года назад

Glad it was helpful! Thank-you!

@apristen 6 месяцев назад

Thank you for so detailed explanation! I previously didn't imagine that ffuf can do such complex things! Only used it for simple fuzzing for dirs and files.

@ankittathe866 3 года назад

@codingo huge fan ! Really excited to watch next video on "Your VPS setup with hunting methodology on the same " !

@surferbum618 3 года назад

Awesome video, the time stamps are super helpful. Thanks for making this. Codingo 4 president! :)

@codingo 3 года назад

Glad it was helpful! I use those on any video I see them on so made sure I included them here.

@dhirajx 3 года назад

super amazing,, love the background music, the content and editing. #1 guide it is

@codingo 3 года назад

Thank-you! This was a lot of editing work!

@Retnuh1974 3 года назад

Awesome Video!!! Great editing and Phenomenal Info. Subbed!!!

@codingo 3 года назад

Thanks for the sub! And thank-you!

@jaikumar1064 3 года назад

ek numberrr thnx @codingo for qualities videos

@JohnnyMcCaffery 3 года назад

Excellent video and I can't wait until you release more.

@codingo 3 года назад

More to come!

@JoaquinRamirez 3 года назад

Pure quality, all around.

@codingo 3 года назад

Thank-you!

@smi13x 9 месяцев назад

Easy to understand, Really enjoyed the video

@k3nundrum 3 года назад

YES!! Well done @codingo. More of this please and thank you. Rocking the bbc shirt too :)

@codingo 3 года назад

haha, thank-you!

@abartandhakal9258 3 года назад

okay first comment :p Will edit later. Edit: Awesome one mate! :D All those week you spent on editing, and documenting, can see why it took this much of time. Such an amazing quality for the usage of FFUF. Was in need of a good usage guide :D This answered all my questions.

@codingo 3 года назад

Tie with hakluke there!

@abartandhakal9258 3 года назад

@@codingo :p I was first. Nobody literally had commented for a first few seconds :p

@susovangarai6731 3 года назад

thank you for putting so much time to make this awesome video 😊👍

@codingo 3 года назад

My pleasure 😊

@nonoperation2356 3 года назад

This is great please continue this series.

@codingo 3 года назад

Certainly will be!

@amalekilawlor2569 3 года назад

Ooooh man, this guy is going to crush it on here. 👏👏👏 I subscribed at 1.85k

@BUGXS 3 года назад

couldn't find a better guide.. Thank you so much for this video!

@codingo 3 года назад

No problem! Glad you liked it!

@benjaminwaltermauss3349 2 года назад

Wow, thank you very much, you have saved me so much time! great video!

@jason9819240836 3 года назад

Great content💯 waiting to see more videos related to different types of bugs covered for bug bounty

@codingo 3 года назад

I will try my best, planning another for next week!

@saurabh5392 3 года назад

Awesome content Michael, this shows the effort you have put in. Instantly subscribed. And guess who is going to get featured in the next edition of Bounty Thursdays by Stok :D

@codingo 3 года назад

:D :D Thank-you!

@Cruisin_In_Comfort 2 года назад

Thanks for doing this. Great content.

@nyengnathan517 3 года назад

I came, I saw, I subscribed. Hoping for more content and regular uploads. Thanks

@codingo 3 года назад

Thanks! More on the way :)

@picious 3 года назад

GREAT video, visuals !!! Thank you !!

@codingo 3 года назад

Glad you liked it! Thank-you!

@xrfox1634 3 года назад

Thanks for the high quality video!!

@codingo 3 года назад

Appreciated!

@BenSoggy 3 года назад

Great video mate, really like the coverage of the stopping on spurious errors and rate limiting. That was the primary reason I didn't use on client engagements but will now!

@codingo 3 года назад

Couldn't agree more, such a useful tool provided it can work around your engagement terms

@cyberindia1 3 года назад

Thanks for such a great knowladgeful content

@codingo 3 года назад

It's my pleasure!

@MrSantheocles 3 года назад

First of all, I'm 12 hours late to: Awesome video. Well explained, and it made it all "click" for me. I think there's a tiny edit error at 17:08, but apart from that, perfect first video.

@codingo 3 года назад

Thank-you!

@pwnhun73r Год назад

Amazing content!!!!! What Distro are you using?

@ashleypursell9702 3 года назад

awesome video man thanks so much. if i can make a suggestion tho the music is a little loud, other than that i really appreciate you sharing with the community

@codingo 3 года назад

I've been playing around with it, it's -21db already, unsure how much more I'll tweak with it but we will see!

@jamesgaray7625 2 года назад

great video!

@codingo 2 года назад

Glad you enjoyed it Thank-you!

@zipp5022 2 года назад

hindi subtitles really helped out, thanks for this vid!

@codingo 2 года назад

You're welcome 😊

@hackersguild8445 3 года назад

This is one amazing video. Awesome

@codingo 3 года назад

Thank you very much!

@nickg.7275 3 года назад

Thank you!!! this explains so many things. in combination with insiderphd fuzz vidoes it is an awesome help for bughunters :)

@codingo 3 года назад

You're very welcome! And great to hear!

@trinidadhype5865 3 года назад

Great video! Also thank you for the one month of PentesterLab Pro :)

@codingo 3 года назад

Enjoy! And thank-you!

@cyberindia1 3 года назад

how did you get

@fevicoI 3 года назад

Hey, how are you setting that terminal background. its dope af?

@newname8988 3 года назад

A mythical Swedish deity told me to check this vid out. Wow, I do not regret it. Masterpiece.

@codingo 3 года назад

hahaha,. best Stok description ever. And thank-you!

@deveshsharma7025 3 года назад

This is What I want Amazing!!

@codingo 3 года назад

Great! Glad you liked it!

@SecurityGau 3 года назад

Great Video,

@codingo 3 года назад

Glad you enjoyed it!

@user-jo4lp5ll4v Год назад

Thank you very much I need to suggest the next lesson What after the recon . process Steps required and then reach the goal

@nhlcreation4240 3 года назад

This is what i exactly want,, thank you

@codingo 3 года назад

Awesome!

@MH-tw1qi 3 года назад

Great, Keep continue

@codingo 3 года назад

Thank you, I will

@bishal0x01 3 года назад

Great content!

@codingo 3 года назад

Glad you enjoy it!

@Arummekarlayung0706 3 года назад

great content !

@codingo 3 года назад

Thank-you!

@davidgrados6912 3 года назад

a video about HOST scan would be great, waiting for the next videos

@codingo 3 года назад

Unsure what you mean by host scan, do you mean github.com/codingo/VHostScan ?

@MrTJadam 3 года назад

Awesome vid! Thanks for making it! I really like the terminal your using, what terminal program is it?

@codingo 3 года назад

I use terminator with zsh and a fair bit of customisation. The animated background I've done in post using Adobe After Effects and Adobe Premiere

@xternl_ 3 года назад

Wonderful! 🤗

@codingo 3 года назад

Thank you! 😊

@herisonfreesome1146 3 года назад

Just Incredible

@codingo 3 года назад

Thank-you!

@0xJashim 3 года назад

awesome and cool

@codingo 3 года назад

Thank-you!

@cosminbulancea3973 3 года назад

you're not getting enough credit for all of this. thanks Michael!

@cosminbulancea3973 3 года назад

question: can you input multiple file extensions? like: -e .bak, .txt, .etc.?

@codingo 3 года назад

Yes, I beleive so!

@codingo 3 года назад

Thank-you!

@atharvvashishth2378 3 года назад

Love the terminal background, anywhere I can find it ?

@Mathos1 3 года назад

How exactly do you set you wordlist path to ./wordlist?

@aswinbalajib1884 3 года назад

Awesome

@shivamnegi1513 3 года назад

Great Video! :D I am assuming all pentesterlab subs are used?

@codingo 3 года назад

Yes, but a new video this week with more :)

@Nothing-lh9hp 3 года назад

thanks so much

@codingo 3 года назад

You're welcome!

@sho3hit 2 года назад

Hey I am facing issue while runnig it on Mac-book M1. Installed the Go and also clone the ffuf but it is still showing that "-bash: ffuf: command not found"

@NanoCyberSec 3 года назад

perfecto dude Nice! - NanoSecurity

@codingo 3 года назад

🙌

@leonardofreua3084 2 года назад

I don't know if I missed it, but how can I filter the results that have lines, words or sizes greater than a specific number? For example, how do I exclude all results with size 0?

@koroushpub6664 Год назад

-H and -b options have different formats: -b "Format: "NAME1=VALUE1; NAME2=VALUE2" -H ==> :"Name: Value,Name2: value2"

@7he7hief95 3 года назад

thx

@abel_simon 3 года назад

Quality 💯❣️

@codingo 3 года назад

Thank-you!

@olekkowol3587 Год назад

Do FFUF has command for fuzz more then one website form file command list-- not works.?

@Stish834 3 года назад

Hey, can we get successful results in our slack or telegram application? Suppose in VPS we are doing a scan & when we close the terminal, the work is running in the background, if the ffuf gives any output, can we get results directly into our favourite application.

@SajjadKhan-gh6dm 3 года назад

awesome sir can you tell me about what text editor you use in terminal vim like looking please tell me the name?

@codingo 3 года назад

It is vim, actually :)

@PetritK10 Год назад

What do you think about feroxbuster

@Mersal-uj5nh 3 года назад

4:20 did anyone notice that ? Its was what actually written as ~/bin/go/ffuf instead of ~/go/bin/ffuf . I was search for few minutes in home bin directory😁.

@shashankrp2241 3 года назад

I have a question with first base-64 code whats that

@codingo 3 года назад

I hide pentesterlab subscriptions in my videos, this was a part of that :)

@zezoboom1127 Год назад

Some commands do not work in ubuntu as (go)

@tumerayaz5772 3 года назад

thank you @codingo. I have a question for you. I have been looking for the answer to this question for 1 month. By proxying with the ffuf program, it works in integration with the burp suite program. example: ffuf -w urls.txt -u FUZZ -replay-proxy 127.0.0.1:8080 I want to do the same management on my server. I am trying to integrate it into the burp suite program on my home computer by proxying with ffuf on the vps server. but I could not manage it. What method can I apply for this?

@codingo 3 года назад

The very end of the video covers this with an example showing a replay over a remote VPS to your local burp :)

@DheerajMadhukar 3 года назад

Can you please share tool name which you used to create this video?

@codingo 3 года назад

I do everything in Adobe Premiere and Adobe After Effects. They're custom (bespoke) animations I've made for this channel though sorry!

@rezahosseini9167 2 года назад

HEY GUYS Idk how but every time I use ffuf it throws errors to me. I tried on both kali and ubuntu but no luck still the same errors. I would be really happy if someone help me🙂