FFUF – A Fastest Web Content Discovery Tool

Hey Folks, today we are going to discuss FFUF, the best and leading tool for web penetration testing, which is also promoted by “Offensive Security”. FFUF has a channel on the Porchetta Industries Discord server, alongside channels for many other tools. It is the fastest content discovery tool with the least configuration.

Let’s talk about this tool 🙂 !!

Install Golang

Go must already be installed and configured on the system. You can install it and set the GOPATH environment variable with the commands below.

apt install golang -y
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Install FFUF Tool

Now we can download this tool with Go and then run it from anywhere by entering its name.

# go get no longer installs binaries on Go 1.18 and later; go install (Go 1.16+) does
go install github.com/ffuf/ffuf@latest
ffuf -h

Content Discovery

It performs a dictionary-based attack against a web application to identify sensitive files, so we need to supply a wordlist along with the website URL, and make sure to place the “FUZZ” keyword wherever you want the words to be inserted. Once we execute the command, we get some useful files and hidden locations of the website.

Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ

ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ"
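
On the server side, a run like this shows up in the access log as a burst of requests for many distinct paths, most of them answered with 404. The Python below is an added example, not part of the original post or of ffuf; it assumes combined-format access logs, uses constructed sample lines and hypothetical thresholds, and relies on ffuf's default "Fuzz Faster U Fool" User-Agent prefix.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
FFUF_UA = "Fuzz Faster U Fool"  # ffuf's default User-Agent prefix; a client can change it


def find_discovery_clients(lines, min_paths=20, min_404_ratio=0.8):
    """Return {ip: reason} for wordlist-like traffic. Thresholds are assumptions to tune."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "ua_hit": False})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["paths"].add(m["path"])
        s["total"] += 1
        s["not_found"] += m["status"] == "404"
        s["ua_hit"] |= FFUF_UA in m["ua"]
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if s["ua_hit"]:
            flagged[ip] = "default ffuf User-Agent"
        elif len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = f"{len(s['paths'])} distinct paths, {ratio:.0%} 404"
    return flagged


def sample_log():
    """Constructed sample: one browser, one default-UA run, one run with a browser UA."""
    fmt = '{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {st} 512 "-" "{ua}"'
    browser = "Mozilla/5.0 (X11; Linux x86_64)"
    lines = [fmt.format(ip="198.51.100.7", sec=i, path=p, st=200, ua=browser)
             for i, p in enumerate(["/", "/index.php", "/login.php", "/images/logo.png"])]
    lines += [fmt.format(ip="203.0.113.5", sec=i, path=f"/word{i}", st=404, ua=FFUF_UA + " v0.0-sample")
              for i in range(5)]
    lines += [fmt.format(ip="203.0.113.9", sec=i, path=f"/word{i}", st=200 if i % 10 == 0 else 404, ua=browser)
              for i in range(40)]
    return lines


if __name__ == "__main__":
    for ip, reason in find_discovery_clients(sample_log()).items():
        print(ip, "->", reason)
```

The 404-ratio rule still catches the third client even though its User-Agent looks like a browser, because the server logs every request regardless of which responses the scanning tool chooses to display.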

Specific Response Code

We simply mention the response code in the command, and it then shows only the results with that response code.

Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ -mc { Code }

ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200

Extensions

To improve the results further, you can add a specific extension to the command with the “-e” option so that the results take it into account. In our case we chose the “.php” extension.

Usage 🙂 !! ffuf -w { wordlist path } -u { URL }/FUZZ -mc { Code } -e { extension }

ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 -e .php

Save Output

Now we can save all these results in any file format by simply adding the “-o” option to our command.

ffuf -w /usr/share/dirb/wordlists/common.txt -u "http://testphp.vulnweb.com/FUZZ" -mc 200 -e .php -o new.txt

Hmm 🙂 !! As you can see, the results are saved, but in a raw format that makes them quite difficult to view. Anyway, if we have left out any other features of this tool, you can tell us in the comment section.

About the Author
Shubham Goyal is a Certified Ethical Hacker, information security analyst, penetration tester and researcher. He can be contacted on LinkedIn.