PwnKit

⚡ ffuf — Hızlı HTTP fuzzing

Dizin, sanal host, parametre ve POST verisi fuzzing için çok hızlı araç.

Söz dizimi

#1
ffuf -w <wordlist> -u http://site/FUZZ [seçenekler]

Dizin fuzz

#1
ffuf -w wl.txt -u http://site/FUZZ -e .php,.txt
#2
ffuf -w wl.txt -u http://site/FUZZ -mc 200,204,301,302,307,401,403 -fc 404
#3
ffuf -w wl.txt -u https://site/FUZZ -recursion -recursion-depth 2

VHost fuzz

#1
ffuf -w hosts.txt -H "Host: FUZZ.site" -u http://site -fw 18
#2
ffuf -w hosts.txt -H "Host: FUZZ.site" -u https://IP -mc all

Parametre/POST fuzz

#1
ffuf -w params.txt -u "http://site/index.php?FUZZ=test" -fs 4242
#2
ffuf -w users.txt:USER -w passes.txt:PASS -X POST -d "user=USER&pass=PASS" -H "Content-Type: application/x-www-form-urlencoded" -u http://site/login -mc 200

Performans & çıktı

#1
ffuf -t 100 -rate 1000 -timeout 10
#2
ffuf -of csv -o out.csv -v
#3
ffuf -replay-proxy http://127.0.0.1:8080