Рет қаралды 45,846
ffuf is quickly becoming a key tool for bug bounty hunters, but how do you use it? In this video I start at the basics showing some really neat features of ffuf and how you can use some simple one-liners to do rather complex fuzzing!
Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.co... I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
ffuf is well known as a brute-forcing tool, but did you know it can be used for so much more than directory discovery?? I didn't! The FUZZ keyword is so powerful you can use it to fuzz headers, parameters, and add filters to cut down false positives. With the right wordlist ffuf can become the go-to tool for bug hunting.
Resources
ffuf : github.com/ffu...
Installing ffuf into the PATH OSX : superuser.com/...
Installing ffuf into the PATH Windows : superuser.com/...
SecLists : github.com/dan...
TomNomNom's talk : • Who, What, Where, When...
Here are the one-liners I use: gist.github.co...
My ffuf translator: insiderphd.dev...
0xatul's jq translator: jqplay.org/s/x...
Patrik's jq translator: / 1301086393108758528
Connect with me
Twitter : / insiderphd
InsiderPhD Discord : / discord
Patreon : / insiderphd