Attacking Web Application With FFUF Cheat Sheet (DRAFT) by

The cheat sheet is a useful command reference for Ffuf.

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Ffuf

| Command | Description |
| --- | --- |
| `ffuf -h` | ffuf help |
| `ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ` | Directory Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ` | Extension Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php` | Page Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v` | Recursive Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/` | Sub-domain Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u http://academy.htb:PORT/ -H 'Host: FUZZ.academy.htb' -fs xxx` | VHost Fuzzing |
| `ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx` | Parameter Fuzzing - GET |
| `ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx` | Parameter Fuzzing - POST |
| `ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx` | Value Fuzzing |

Wordlist

| Path | Wordlist |
| --- | --- |
| `/opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt` | Directory/Page Wordlist |
| `/opt/useful/seclists/Discovery/Web-Content/web-extensions.txt` | Extensions Wordlist |
| `/opt/useful/seclists/Discovery/DNS/subdomains-top1million-5000.txt` | Domain Wordlist |
| `/opt/useful/seclists/Discovery/Web-Content/burp-parameter-names.txt` | Parameters Wordlist |

Misc

| Command | Description |
| --- | --- |
| `sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'` | Add DNS entry |
| `for i in $(seq 1 1000); do echo $i >> ids.txt; done` | Create Sequence Wordlist |
| `curl http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=key' -H 'Content-Type: application/x-www-form-urlencoded'` | curl w/ POST |