@Shaked
Last active December 30, 2019 15:54

I use this function in my .zshrc file

Fuzz with stdin

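fuzz-in() {
	# Usage: <wordlist on stdin> | fuzz-in <url-with-FUZZ> [extra ffuf options]
	local strip
	# Build the output file name from the URL: drop "://", then turn "\" and "/" into "-".
	strip=$(echo "$1" | sed 's/:\/\///')
	strip=$(echo "$strip" | sed 's/\\/-/g')
	strip=$(echo "$strip" | sed 's/\//-/g')
	# "-w -" makes ffuf read the wordlist from stdin; the report is written as markdown.
	ffuf -u "$1" -t 10 -o "$strip.fuzz.txt" -of md -p 1 "${@:2}" -w -
	echo "cat $strip.fuzz.txt"
}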

cat ~/tools/custom/wordlist-unique.txt | fuzz-in https://example.com/FUZZ -t 10 -mc all

or

cat ~/tools/custom/wordlist-ext.txt | fuzz-in https://example.com/FUZZ -e php,log -t 100 -mc all -fw 40

This will automatically save the example.com.fuzz.txt output file.

Multihost fuzzing for quickhits

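multifuzz() {
	# $1: file with one base URL per line (e.g. httprobe output).
	# "fuzz" is a separate helper that is not shown on this page.
	local p strip
	while IFS= read -r p; do
		# Build the output file name from the URL: drop "://" and turn "\" into "-".
		strip=$(echo "$p" | sed 's/:\/\///')
		strip=$(echo "$strip" | sed 's/\\/-/g')
		echo "Fuzzing: $p ($strip)"
		fuzz ~/tools/SecLists/Discovery/Web-Content/quickhits.txt "$p/FUZZ" -t 10 -p "0.1-0.2" -se > "$strip.quickhits.txt"
		echo "Sleeping for 1m"
		sleep 60
	done < "$1"
}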

$ multifuzz /path/to/servers.httprobe.txt
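
Both functions above turn each URL into an output file name with sed. As an added example (not part of the original gist), here is a stricter version of that step: the hypothetical helper safe_outname drops the scheme and maps every character outside A-Za-z0-9._- to "-", so a line in the host list cannot create subdirectories, hidden files or option-like names. The sample URLs are constructed.

```shell
# Hypothetical helper (not from the gist): derive an output file stem from a URL.
# The body runs in a subshell, so "name" does not leak into the caller.
safe_outname() (
	name=$1
	# Drop the scheme ("https://", "http://") if one is present.
	case $name in
		*://*) name=${name#*://} ;;
	esac
	# Map every byte outside [A-Za-z0-9._-] to '-', so '/', '\', '?', ':',
	# spaces and shell metacharacters never reach the file system path.
	name=$(printf '%s' "$name" | LC_ALL=C tr -c 'A-Za-z0-9._-' '-')
	# Collapse runs of '-' and trim one from each end, so the stem cannot
	# start with '-' and be read as a command-line option.
	name=$(printf '%s' "$name" | sed -e 's/--*/-/g' -e 's/^-//' -e 's/-$//')
	# A stem starting with '.' would be a hidden file (or "." / "..").
	case $name in
		.*) name="_$name" ;;
	esac
	# Fall back to a fixed stem when nothing usable is left.
	[ -n "$name" ] || name=unnamed
	printf '%s\n' "$name"
)

# Constructed sample lines, as they might appear in a host list.
for u in 'https://example.com/FUZZ' 'http://10.0.0.5:8080/' '../x' '-o/tmp/x'; do
	printf '%s -> %s.fuzz.txt\n' "$u" "$(safe_outname "$u")"
done
```

To use it in fuzz-in or multifuzz, replace the sed lines with strip=$(safe_outname "$1") or strip=$(safe_outname "$p").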
