-
Thanks for your tools which is very useful but you must add some options like the possibility to upload ours wordlists, and to modify the command executed like if using ffuf instead of dirsearch we ca…
-
This is a **enhancement idea**. I don't have the go skills to implement it myself.
ffuf could have an option (`--backup` ?) to fuzz results and look for backups and temporary files.
**Exemple**
L…
-
Hi,
I would like to suggest this:
- filter http response body
- filter http response header
for example:
ffuf -w test.txt -u https://url.com/FUZZ -rb "PHP Version&&&&PHP API&&&&PHP Extension"…
eugui updated
4 years ago
-
I frequently encounter a scenario where is just not honouring the regex I give to it, whether I use match/filter.
Here is an example, I am using HEAD and basically every response should contain…
-
it's not possible to FUZZ absolute URL e.g. I'm using
`ffuf -request req.txt -w words.txt -u https://www.google.com`
and req.txt is
```
GET https://FUZZ/ HTTP/1.1
Host: www.google.com
…
-
When I'm looking at idor's generally I generate payloads with Intruder: payload type numbers. But ffuf it's faster than intruder, and I'm able to save results in json format for later post-processing …
-
Hey,
When using fuff with `-D` flag to generate dynamic wordlist with the passed extensions leads to duplicate entries. When the wordlist already has the newly generated string in the list leads to…
-
It would be great to have a signature-based fingerprinting.
For example, a user provides a list of signatures that are labelled by user's choice. e.g in format similiar to following:
```
{
"…
-
Hello,
I wanted to code this myself but there is ffuf. I wanted to match response code 504 and 503, when the server timeouts for a large period of time. When ffuf reaches the limit of time, it dire…
-
Hi Joona!
A few weeks ago I noticed that ffuf didn't match my provided regular expression filters / matchers. Today, I encountered this again and did a bit more research on how and why. It looks li…