-
Hi,
ffuf supports to use STDIN as wordlist. That is great for tool chaining. But it tries to read the full stream first and then starts processing the entries.
In my case I generate the list of ta…
-
Hello, I have encountered the following issue when running `ffuf` after the 1.4 release:
Using the `-or` option always returns `[INFO] No results and -or defined, output file not written.` even if …
-
Hi, currently, I'm wanting to replace Burp Intruder with FFUF at some points. But, Burp Suite Intruder allows you to select the payload set: Numbers, dates, characters, files, available simple payload…
-
Hey man,
Just have a simple output idea to make this tool easier to mix with other tools.
It would be possible to add an option to show the full URL on every discovery (file/directory) ?
eg:
ffuf …
-
Hi,
Assume that I run:
**ffuf -u https://target.com**
I want ffuf output on **cli**:
**https://target.com/somefoundPath**
instead of just **somefoundPath**
Is this possible?
-
Hello,
me, @binaryrip and other mates were working on some Hack The Box exercises and during the usage of `ffuf` we noticed that when `ffuf` submitted HTTP POST requests for some specific case, they …
-
# Threads problem
The default value is 40 and with this value and shortlist with 700 words `-sa -se -sf` flags is not working properly.
In this scenario, I'm using an endpoint where the responses…
-
This is a **enhancement idea**. I don't have the go skills to implement it myself.
ffuf could have an option (`--backup` ?) to fuzz results and look for backups and temporary files.
**Exemple**
L…
-
Hi,
I would like to suggest this:
- filter http response body
- filter http response header
for example:
ffuf -w test.txt -u https://url.com/FUZZ -rb "PHP Version&&&&PHP API&&&&PHP Extension"…
eugui updated
4 years ago
-
Steps to reproduce:
Set up a proxy that will allow you to observe the requests. BurpSuite or Zap would be fine for this.
Run ffuf:
ffuf -w /usr/share/seclists/Fuzzing/SQLi/Generic-BlindSQLi.…