{"id":311,"date":"2025-05-19T12:17:23","date_gmt":"2025-05-19T12:17:23","guid":{"rendered":"https:\/\/howtocybersec.com\/?p=311"},"modified":"2025-06-20T11:37:47","modified_gmt":"2025-06-20T11:37:47","slug":"ffuf-use-cases","status":"publish","type":"post","link":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/","title":{"rendered":"FFUF Playbook \u2013 Web Fuzzing Like a Pro"},"content":{"rendered":"\n
  1. Installation<\/span><\/li>
  2. Basic Syntax<\/span><\/li>
  3. Basic Directory Fuzzing<\/span><\/li>
  4. Filter by Status Code \/ Size \/ Words<\/span><\/li>
  5. Hidden Admin Pages Detection<\/span><\/li>
  6. File Extension Brute Force<\/span><\/li>
  7. Recursive Directory Bruteforce<\/span><\/li>
  8. Subdomain Brute Forcing<\/span><\/li>
  9. Virtual Host (vHost) Discovery<\/span><\/li>
  10. Fuzzing GET Parameters<\/span><\/li>
  11. Fuzzing POST Parameters<\/span><\/li>
  12. Authentication & Header Fuzzing<\/span><\/li>
  13. Bypass 403 Forbidden<\/span><\/li>
  14. Input Reflection Fuzzing (Basic XSS\/Debug)<\/span><\/li>
  15. Combine with Waybackurls\/GAU Output<\/span><\/li>
  16. Combo Mode: Multiple Wordlists<\/span><\/li>
  17. Tips:<\/span><\/li>
  18. Wordlists You Should Use<\/span><\/li><\/ol><\/div><\/div><\/div>\n\n\n\n

    Installation<\/h3>\n\n\n\n
    \n
    \n
    go install github.com\/ffuf\/ffuf\/v2@latest\n<\/code><\/pre>\n<\/div>\n<\/div>\n\n\n\n
    Or precompiled:
    https:\/\/github.com\/ffuf\/ffuf\/releases<\/a><\/p>\n\n\n\n
    Basic Syntax<\/h3>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w wordlist.txt\n<\/code><\/pre>\n\n\n\n
    Basic Directory Fuzzing<\/h3>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w \/usr\/share\/seclists\/Discovery\/Web-Content\/common.txt\n<\/code><\/pre>\n\n\n\n
    Filter by Status Code \/ Size \/ Words<\/h3>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w common.txt -mc 200<\/code><\/pre>\n\n\n\n
    -mc 200 \u2192 Match status code\n-fs 1234 \u2192 Filter by size\n-fw 20 \u2192 Filter by word count<\/pre>\n\n\n\n
    Hidden Admin Pages Detection<\/h3>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w admin-panels.txt -mc 200\n<\/code><\/pre>\n\n\n\n
    Use targeted wordlists like Admin-Login-Pages.txt<\/code>.<\/p>\n\n\n\n
    File Extension Brute Force<\/h3>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ.php -w common.txt\n<\/code><\/pre>\n\n\n\n
    Or:<\/p>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w common.txt -e .php,.bak,.zip,.old\n<\/code><\/pre>\n\n\n\n
    Use Case<\/strong>: Discover .bak<\/code>, .zip<\/code>, or .php~<\/code> dev files.<\/p>\n\n\n\n
    Recursive Directory Bruteforce<\/h2>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w dirs.txt -recursion -recursion-depth 2\n<\/code><\/pre>\n\n\n\n
    Subdomain Brute Forcing<\/h2>\n\n\n\n
    ffuf -u https:\/\/FUZZ.target.com -w subdomains.txt -H \"Host: FUZZ.target.com\"\n<\/code><\/pre>\n\n\n\n
    Virtual Host (vHost) Discovery<\/h2>\n\n\n\n
    ffuf -u http:\/\/target.com -H \"Host: FUZZ.target.com\" -w vhosts.txt\n<\/code><\/pre>\n\n\n\n
    Fuzzing GET Parameters<\/h2>\n\n\n\n
    ffuf -u https:\/\/target.com\/index.php?FUZZ=test -w params.txt -fs 0\n<\/code><\/pre>\n\n\n\n
    Fuzzing POST Parameters<\/h2>\n\n\n\n
    ffuf -w params.txt -X POST -d 'FUZZ=test' -u https:\/\/target.com\/login.php -H \"Content-Type: application\/x-www-form-urlencoded\"\n<\/code><\/pre>\n\n\n\n
    Add -fs<\/code> to skip same-size error responses.<\/p>\n\n\n\n
    Authentication & Header Fuzzing<\/h2>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -H \"Authorization: Bearer FUZZ\" -w tokenlist.txt\n<\/code><\/pre>\n\n\n\n
    Or:<\/p>\n\n\n\n
    ffuf -u https:\/\/target.com\/ -w headers.txt -H \"FUZZ: customvalue\"\n<\/code><\/pre>\n\n\n\n
    Bypass 403 Forbidden<\/h2>\n\n\n\n
    ffuf -u https:\/\/target.com\/FUZZ -w bypass-403.txt -mc 200,403,401\n<\/code><\/pre>\n\n\n\n
    Input Reflection Fuzzing (Basic XSS\/Debug)<\/h2>\n\n\n\n
    ffuf -u \"https:\/\/target.com\/page.php?input=FUZZ\" -w xss-payloads.txt -fr \"<script>\"\n<\/code><\/pre>\n\n\n\n
    -fr<\/code> \u2192 match reflected payloads<\/p>\n\n\n\n
    Combine with Waybackurls\/GAU Output<\/h2>\n\n\n\n
    gau target.com | grep -iE '\\.php|\\.asp' | ffuf -u https:\/\/target.com\/FUZZ -w - -mc 200\n<\/code><\/pre>\n\n\n\n
    Combo Mode: Multiple Wordlists<\/h2>\n\n\n\n
    ffuf -w usernames.txt:USERNAME -w passwords.txt:PASSWORD -u https:\/\/target.com\/login.php?u=USERNAME&p=PASSWORD\n<\/code><\/pre>\n\n\n\n
    Tips:<\/h2>\n\n\n\n
    Use -ac (auto-calibrate) for noisy targets\n\nUse -of json for structured output\n\nCombine with tools like httpx or gau in bash pipelines\n\nTry encoding payloads in base64\/URL for bypass\n\nCreate recon templates for repeatable workflows<\/code><\/pre>\n\n\n\n
    Wordlists You Should Use<\/h2>\n\n\n\n
      \n
    • \/usr\/share\/seclists\/Discovery\/Web-Content\/<\/code><\/li>\n\n\n\n
    • assetnote\/commonspeak2<\/code><\/li>\n\n\n\n
    • PayloadsAllTheThings<\/code><\/li>\n\n\n\n
    • Custom wordlists from waybackurls<\/code>, gau<\/code><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
      Installation go install github.com\/ffuf\/ffuf\/v2@latest Or precompiled:https:\/\/github.com\/ffuf\/ffuf\/releases Basic Syntax Basic Directory Fuzzing Filter by Status Code \/ Size \/ Words -mc 200 \u2192 Match status code -fs 1234 \u2192 Filter by size -fw 20 \u2192 Filter by word count Hidden Admin Pages Detection Use targeted wordlists like Admin-Login-Pages.txt. File Extension Brute Force Or: Use Case: Discover…<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[14,11,7,8,9,10,12],"yoast_head":"\nFFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec<\/title>\n<meta name=\"description\" content=\"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec\" \/>\n<meta property=\"og:description\" content=\"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/\" \/>\n<meta property=\"og:site_name\" content=\"HowToCyberSec\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-19T12:17:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-20T11:37:47+00:00\" \/>\n<meta name=\"author\" content=\"Mark H\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark H\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/\",\"url\":\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/\",\"name\":\"FFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec\",\"isPartOf\":{\"@id\":\"https:\/\/howtocybersec.com\/#website\"},\"datePublished\":\"2025-05-19T12:17:23+00:00\",\"dateModified\":\"2025-06-20T11:37:47+00:00\",\"author\":{\"@id\":\"https:\/\/howtocybersec.com\/#\/schema\/person\/749ebd633743795270a76e9b7b23a5d2\"},\"description\":\"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.\",\"breadcrumb\":{\"@id\":\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/howtocybersec.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FFUF Playbook \u2013 Web Fuzzing Like a Pro\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/howtocybersec.com\/#website\",\"url\":\"https:\/\/howtocybersec.com\/\",\"name\":\"SecTec-Blog\",\"description\":\"Where you learn about technology news and raise your Cyber IQ\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/howtocybersec.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/howtocybersec.com\/#\/schema\/person\/749ebd633743795270a76e9b7b23a5d2\",\"name\":\"Mark H\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/howtocybersec.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a14dbca4e1bbecf3f7c69cb2ec4a59b4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a14dbca4e1bbecf3f7c69cb2ec4a59b4?s=96&d=mm&r=g\",\"caption\":\"Mark H\"},\"url\":\"https:\/\/howtocybersec.com\/index.php\/author\/bl0gg3r\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec","description":"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/","og_locale":"en_US","og_type":"article","og_title":"FFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec","og_description":"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.","og_url":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/","og_site_name":"HowToCyberSec","article_published_time":"2025-05-19T12:17:23+00:00","article_modified_time":"2025-06-20T11:37:47+00:00","author":"Mark H","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mark H","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/","url":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/","name":"FFUF Playbook \u2013 Web Fuzzing Like a Pro - HowToCyberSec","isPartOf":{"@id":"https:\/\/howtocybersec.com\/#website"},"datePublished":"2025-05-19T12:17:23+00:00","dateModified":"2025-06-20T11:37:47+00:00","author":{"@id":"https:\/\/howtocybersec.com\/#\/schema\/person\/749ebd633743795270a76e9b7b23a5d2"},"description":"fuff is a powerful web reconnaissance tool written in golang. Here are the real live pentest use cases which take your web recon on next level.","breadcrumb":{"@id":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/howtocybersec.com\/index.php\/2025\/05\/19\/ffuf-use-cases\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/howtocybersec.com\/"},{"@type":"ListItem","position":2,"name":"FFUF Playbook \u2013 Web Fuzzing Like a Pro"}]},{"@type":"WebSite","@id":"https:\/\/howtocybersec.com\/#website","url":"https:\/\/howtocybersec.com\/","name":"SecTec-Blog","description":"Where you learn about technology news and raise your Cyber IQ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/howtocybersec.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/howtocybersec.com\/#\/schema\/person\/749ebd633743795270a76e9b7b23a5d2","name":"Mark H","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/howtocybersec.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a14dbca4e1bbecf3f7c69cb2ec4a59b4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a14dbca4e1bbecf3f7c69cb2ec4a59b4?s=96&d=mm&r=g","caption":"Mark H"},"url":"https:\/\/howtocybersec.com\/index.php\/author\/bl0gg3r\/"}]}},"_links":{"self":[{"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/posts\/311"}],"collection":[{"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/comments?post=311"}],"version-history":[{"count":8,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/posts\/311\/revisions"}],"predecessor-version":[{"id":335,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/posts\/311\/revisions\/335"}],"wp:attachment":[{"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/media?parent=311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/categories?post=311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howtocybersec.com\/index.php\/wp-json\/wp\/v2\/tags?post=311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}