Hey Folks, today we are going to discuss the best and top leading tool for web penetration testing and it is also promoted by “Offensive Security”. FFUF has a channel at Porchetta Industries Discord server alongside of channels for many other tools. It is the fastest content discovery tool with the least configuration.
Let’s talk about this tool 🙂 !!
Install Golang
It is mandatory that the Go utility should be pre-configured in our system. You can install and set GOPATH environment variable on your system with the help of below commands.
|
1 2 3 4 |
apt install golang -y export GOROOT=/usr/lib/go export GOPATH=$HOME/go export PATH=$PATH:$GOROOT/bin:$GOPATH/bin |
Install FFUF Tool
Now we can download this tool through Go utility and can easily operate it anywhere by entering the name of this tool.
|
1 2 |
go get -u github.com/ffuf/ffuf ffuf -h |
Content Discovery
It performs dictionary based attack against web application to identify sensitive files, so we need to place wordlist with website URL but make sure you describe “FUZZ” wherever you want to attack needed. Once execute the command we got some useful files and hidden location of the website.
Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ
|
1 |
./ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" |
Specific Response Code
Simply we have to mention the response code in the command and then it will show the result only related to the given response code.
Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ -mc { Code }
|
1 |
./ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 |
Extensions
Now to further improve your results you can add another query of specific extension to the command so that it can give you results accordingly. In our case we choose only files with extension “.php“.
Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ -mc { Code } -e { eextension }
|
1 |
ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 -e .php |
Save Output
Now we can save all these results in any file format by simply adding “-o” syntax to our command.
|
1 |
ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 -e .php -o new.txt |
Hmm 🙂 !! As you can see the results are saved but as raw format which makes it quite difficult to view. Anyway if there are any other features left of this tool then you can tell us in the comment section.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
