ffuf.cheat

% ffuf

$ list: find /opt/wordlists -type f -not -path "/opt/wordlists/SecLists/.git/*" -print

# Basic fuff
ffuf -u <url>/FUFF -w <wordlist>

# Fuzz special chars, mc to match http code comma separated , fw to filter for Words number
ffuf -u <url>/FUFF -w /opt/wordlists/SecLists/Fuzzing/special-chars.txt -mc <codes> -f <n>

# Basic fzf fuff
ffuf -u <url>/FUFF -w <list> -t 75 -ac -c

# Basic search php extension recursively
ffuf -w <list> -u <target>/FUZZ -recursion -recursion-depth 2 -e .<ext> -v

; dom=$(echo <url> | unfurl format %s%d)
# Quick
ffuf -c -v -u <url>/FUZZ -w quick.txt \
	-H "User-Agent: Mozilla Firefox Mozilla/5.0" \
	-H "X-Bug-Bounty: rez0" -ac -mc all -o <dom>.csv \
	-of csv $2 -maxtime 360 <$3>

; dom=$(echo <url> | unfurl format %s%d)
# Recursive
  mkdir -p recursive
  ffuf -c -v -u <url>/FUZZ -w $2 -H "User-Agent: Mozilla Firefox Mozilla/5.0" \
  -H "X-Bug-Bounty: rez0" -recursion -recursion-depth 5 -mc all -ac \
  -o recursive/recursive_<dom>.csv -of csv <$3>

; dom=$(echo <url> | unfurl format %s%d)
# vhosts
	ffuf -c -u <url> -H "Host: FUZZ" -w vhosts.txt \
	-H "X-Bug-Bounty: rez0" -ac -mc all -fc 400,404 -o vhost_<output>.csv \
	-of csv -maxtime 120

# cvs processing ffuf output
find -name "*.csv" -exec cat {} \; | grep ,200, \
	| sed 's/,/ /g' | sort -k 5,5 -u -n | vim -

# ssrf portscan from stdin
seq 1 65535 | ffuf -X POST -c -w - -u <ssrfurl> -d "param=http://localhost:FUZZ"