-
Hello there,
Nice tool you got there.
2 small things that would improve the automation for scripting:
1. It would be a good idea to be able to put the ffuf command anywhere when running brain…
-
# Request body example
ffuf -w sqli_payloads.txt -u 'https://ffuf.io.fi/api/v1/users/1' \
-X PUT -H 'Content-Type: application/json' -d '{"uid":"FUZZ"}' -X PUT
-
Just like what I described in https://github.com/jthack/ffufai/issues/3
we can see both the URL and headers parameters are susceptible to RCE. For instance, a custom header could include any system c…
-
Trying to run `powerpwn copilot-studio-hunter deep-scan` I got the following error. This is because the directory `helpers` doesn't get created and its content not copied.
```bash
vscode ➜ /worksp…
-
2024-06-03 09:59:55,308 [INFO] executors.py:612 -- ExecutorID f4e85c-0 - Cleaning temporary data
Encountered a bad command exit code!
Command: '/go/bin/ffuf -u /tmp/infile'
Exit code: 127
St…
-
Hi!
I'm not sure if there is a bug (maybe I'm doing something wrong) - but since I can hardly find examples of using ffuf as a library, I can't be sure
When running a test that dirbusts the host…
-
Hello,
This is the second time I encounter this situation where I have to fuzz a RESTful API just to show a PoC and I find out `ffuf` fails to show the correct result.
The thing is the API retur…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Current Behavior
In Ubuntu 22.04, both update from 2.1.3 to 2.2.0 AND install by script install.sh got this er…
-
The additional techniques described here:
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
Could be applied to iis_shortnames/ffuf_shortnames modules
Thanks @amiremami fo…
-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE]replace exe under backup dir.