FFUF — Practical Guide

1. INTRODUCTION

FFUF (Fuzz Faster U Fool) is a high-speed, flexible web fuzzing and content discovery tool written in Go.

It is used in bug bounty hunting, CTFs and penetration tests to find hidden directories, files, parameters, virtual hosts and API endpoints.


2. BASIC DIRECTORY FUZZING

Basic usage (the FUZZ keyword marks the position where each wordlist entry is inserted):

```bash
ffuf -u http://target.com/FUZZ -w wordlist.txt
```

Example:

```bash
ffuf -u http://10.10.10.5/FUZZ -w /usr/share/wordlists/dirb/common.txt
```

3. FILTERING RESPONSES

Match only specific status codes:

```bash
ffuf -u http://target.com/FUZZ -w wordlist.txt -mc 200,301,302
```

Show everything except specific codes:

```bash
ffuf -u http://target.com/FUZZ -w wordlist.txt -mc all -fc 404
```

Filter by response size:

```bash
ffuf -u http://target.com/FUZZ -w wordlist.txt -fs 0
```

-fs 0 drops empty responses. When every unknown path returns the same custom 404 page, filter that page's size instead (ffuf's -ac flag calibrates such filters automatically).


4. FILE EXTENSIONS

Brute force file extensions (each extension is appended to every wordlist entry):

```bash
ffuf -u http://target.com/FUZZ -w list.txt -e .php,.txt,.bak
```

Example:

```bash
ffuf -u http://10.10.10.5/FUZZ -w common.txt -e .php,.html
```

5. VIRTUAL HOST FUZZING

Find hidden virtual hosts by fuzzing the Host header:

```bash
ffuf -u http://target.com -H "Host: FUZZ.target.com" -w subdomains.txt
```

Example:

```bash
ffuf -u http://10.10.10.5 -H "Host: FUZZ.company.com" -w subs.txt
```

Every name the server does not know is answered by its default virtual host, so filter that response's size with -fs to leave only the real ones.

6. PARAMETER DISCOVERY

Find hidden GET parameters:

```bash
ffuf -u http://target.com/page.php?FUZZ=test -w params.txt
```

Example:

```bash
ffuf -u http://site.com/index.php?FUZZ=1 -w params.txt
```

7. POST DATA FUZZING

Fuzz POST parameters:

```bash
ffuf -u http://target.com/login -w words.txt -X POST -d "username=admin&password=FUZZ"
```

Useful for:

- Password brute force
- Weak login form testing

8. HEADER FUZZING

Fuzz custom headers:

```bash
ffuf -u http://target.com -H "X-Forwarded-For: FUZZ" -w ips.txt
```

Useful for:

- WAF bypass
- IP whitelisting bypass

9. RATE LIMIT AND THREADS

Set the number of concurrent threads (default 40):

```bash
ffuf -t 100
```

Limit the request rate in requests per second (note that -r means "follow redirects" in ffuf, not rate limiting):

```bash
ffuf -rate 50
```

Example:

```bash
ffuf -u http://target/FUZZ -w big.txt -t 200
```

10. IGNORING TLS ERRORS

ffuf does not verify TLS certificates, so HTTPS targets with self-signed or expired certificates work without any extra flag (there is no -k option as in curl):

```bash
ffuf -u https://target.com/FUZZ -w wordlist.txt
```

11. MATCH / FILTER MODES

Match by number of words:

```bash
ffuf -mw 50
```

Filter by line count:

```bash
ffuf -fl 5
```

Match by regex:

```bash
ffuf -mr "admin"
```

12. RECURSIVE FUZZING

Enable recursion (the flag is -recursion; ffuf does not accept -recursive):

```bash
ffuf -recursion
```

Specify depth:

```bash
ffuf -recursion-depth 2
```

Example:

```bash
ffuf -u http://target/FUZZ -w list.txt -recursion
```

13. OUTPUT OPTIONS

Save in JSON format:

```bash
ffuf -o result.json -of json
```

Save in HTML format:

```bash
ffuf -o report.html -of html
```
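Triaging a JSON report after the run, as an added example that is not part of this guide or of the ffuf project: it finds the response signature that dominates the output (the same idea as ffuf's -ac auto-calibration), drops those soft-404 hits, and prints the -fs/-fw/-fl flags that would suppress them on a rerun. The sample report is constructed; its field names follow ffuf's JSON output.

```python
import json
from collections import Counter

# Constructed sample of an ffuf JSON report (-o result.json -of json).
# Field names follow ffuf's result format; the hosts and values are made up.
SAMPLE_JSON = """{
  "results": [
    {"input": {"FUZZ": "admin"}, "status": 301, "length": 169, "words": 9, "lines": 4, "url": "http://ctf.local/admin"},
    {"input": {"FUZZ": "foo"}, "status": 200, "length": 1532, "words": 120, "lines": 30, "url": "http://ctf.local/foo"},
    {"input": {"FUZZ": "bar"}, "status": 200, "length": 1532, "words": 120, "lines": 30, "url": "http://ctf.local/bar"},
    {"input": {"FUZZ": "baz"}, "status": 200, "length": 1532, "words": 120, "lines": 30, "url": "http://ctf.local/baz"},
    {"input": {"FUZZ": "robots.txt"}, "status": 200, "length": 64, "words": 4, "lines": 3, "url": "http://ctf.local/robots.txt"},
    {"input": {"FUZZ": "backup.zip"}, "status": 200, "length": 9120, "words": 50, "lines": 12, "url": "http://ctf.local/backup.zip"}
  ]
}"""

def load_results(report_text):
    """Return the list of result objects from an ffuf JSON report."""
    return json.loads(report_text)["results"]

def signature(result):
    """The four values that ffuf's -fc/-fs/-fw/-fl filters act on."""
    return (result["status"], result["length"], result["words"], result["lines"])

def noise_signature(results, min_share=0.3):
    """Signature of the largest group of look-alike responses, or None.
    A server that answers every unknown path with one custom page (a
    'soft 404') floods the output; a signature covering at least
    min_share of all results is treated as that noise."""
    if not results:
        return None
    sig, count = Counter(signature(r) for r in results).most_common(1)[0]
    return sig if count / len(results) >= min_share else None

def triage(results, min_share=0.3):
    """Results that do not match the noise signature, sorted by URL."""
    noise = noise_signature(results, min_share)
    return sorted((r for r in results if signature(r) != noise), key=lambda r: r["url"])

def suggested_filter_flags(results, min_share=0.3):
    """ffuf flags that would have suppressed the noise on a rerun."""
    noise = noise_signature(results, min_share)
    if noise is None:
        return ""
    _status, length, words, lines = noise
    return f"-fs {length} -fw {words} -fl {lines}"

if __name__ == "__main__":
    hits = load_results(SAMPLE_JSON)
    print("rerun with:", suggested_filter_flags(hits))
    for r in triage(hits):
        print(r["status"], r["length"], r["url"])
```

Point load_results at the file written by -o result.json -of json to triage a real run.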

14. FULL CTF WORKFLOW EXAMPLES

Directory brute force:

```bash
ffuf -u http://ctf.local/FUZZ -w common.txt -mc 200,301
```

Find backup files:

```bash
ffuf -u http://ctf.local/FUZZ -w backups.txt -e .zip,.bak,.old
```

Find API routes:

```bash
ffuf -u http://api.local/FUZZ -w api.txt
```

Find parameters for SQL injection:

```bash
ffuf -u http://ctf.local/index.php?FUZZ=1 -w params.txt -mc 200
```

Find admin panels:

```bash
ffuf -u http://target/FUZZ -w admin-panels.txt -mc 200
```
