FFUF – Hello, a guy’s In this article I’m going to teach you one of the best tools for website penetration testing.
What is FFUF?
FFUF has a channel at Porchetta Industries Discord server alongside channels for many other tools. It is the fastest content discovery tool with the least configuration.
How to install and use this tool?
Step 1:
First of all, we need to install the Golang package so type the below command in your terminal
sudo apt install golang -y
Step 2:
Now we set the GOPATH environment variable on our system with the help of the below commands.
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
Step 3:
Then download the FFUF Golang tool so execute the following commands
go get -u github.com/ffuf/ffuf
ffuf -h
Step 4:
Now we can Discover all website content, This tool performs a dictionary-based attack against a web application to identify sensitive files, so we need to place a wordlist with a website URL but make sure you describe “FUZZ” wherever you want to attack needed. Once execute the command we got some useful files and hidden location of the website.
USAGE : ffuf -w { wordlist path } -u { URL }/FUZZ
ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ"
If you need to get a specific response code results means please type the below command in your terminal
ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200
If you need to get a specific extension means to type the following command
ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 -e .php
