ffuf is quickly becoming a key tool for bug bounty hunters, but how do you use it? In this video I start at the basics showing some really neat features of ffuf and how you can use some simple one-liners to do rather complex fuzzing!
Did you know this episode was sponsored by Intigriti? Sign up with my link [ Link ]. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
ffuf is well known as a brute-forcing tool, but did you know it can be used for so much more than directory discovery?? I didn't! The FUZZ keyword is so powerful you can use it to fuzz headers, parameters, and add filters to cut down false positives. With the right wordlist ffuf can become the go-to tool for bug hunting.
Resources
- ffuf : [ Link ]
- Installing ffuf into the PATH OSX : [ Link ]
- Installing ffuf into the PATH Windows : [ Link ]
- SecLists : [ Link ]
- TomNomNom's talk : [ Link ]
- Here are the one-liners I use: [ Link ]
- My ffuf translator: [ Link ]
- 0xatul's jq translator: [ Link ]
- Patrik's jq translator: [ Link ]
Connect with me
- Twitter : [ Link ]
- InsiderPhD Discord : [ Link ]
- Patreon : [ Link ]
How to use ffuf - Hacker Toolbox