A detailed guide to FFUF (Fuzz Faster you Fool), a web application fuzzing framework for security researchers.
▬ Written guide ▬▬▬▬▬▬▬▬▬▬▬▬▬
codingo.io/tools/ffuf/bounty/...
▬ Continue the discussion ▬▬▬▬▬▬▬▬
✭ Twitter: / codingo_
✭ Patreon: / codingo
✭ Facebook: / codingo
▬ Table of Contents ▬▬▬▬▬▬▬▬▬▬▬
0:00 Introduction
1:50 What is FFUF?
3:07 Installation
5:10 Upgrading
5:22 Your first scan
6:37 Wordlist basics
7:20 Using Recursion
8:07 Recursion Example
9:21 Extension Checks
11:08 Using Custom Fuzzing Words
11:34 Using Custom Fuzzing Words Example
12:21 Silent Mode and Tee for Output
13:28 Working with HTML Output
14:35 Filters and Matches
16:29 Authentication: Cookies
17:08 Authentication: Headers
17:45 Authentication via Burp Suite
18:58 Using Multiple Fuzzing Locations
20:07 Importing Requests
21:45 Wordlist Modes
22:25 Clusterbomb Mode
22:48 Pitchfork Mode
23:18 Stop on Spurious Errors
23:43 Queue Wide Rate Limiting
24:37 Automatic Calibration Mode
25:28 Replay Proxy (local)
26:27 Replay Proxy (remote)
28:28 Outro
▬ Additional Resources ▬▬▬▬▬▬▬▬▬▬
✭ Building your own wordlists with TomNomNom: • Who, What, Where, When...
✩ How to use ffuf with InsiderPHD: • How to use ffuf - Hack...
✭ HTTP Response codes: developer.mozilla.org/en-US/d...
✩ SecLists: github.com/danielmiessler/Sec...
8 авг 2024