ffuf-web-fuzzing
CommunityFuzz web apps faster, uncover hidden vulnerabilities.
Software Engineering#security#penetration testing#ffuf#reconnaissance#authenticated fuzzing#vulnerability discovery#web fuzzing
Authordanielmiessler
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Traditional web fuzzing is often slow, noisy, and prone to false positives, making it inefficient for penetration testing. This skill provides expert guidance for ffuf (Fuzz Faster U Fool), a high-speed web fuzzer, enabling efficient discovery of hidden content and vulnerabilities with significantly reduced noise.
Core Features & Use Cases
- Automated Noise Reduction: Emphasizes
auto-calibration (-ac)to automatically detect and filter out repetitive false positive responses, making results clearer and analysis much faster. - Authenticated Fuzzing: Guides on using raw HTTP requests for complex authenticated scenarios, allowing fuzzing with JWT tokens, session cookies, and custom headers.
- Use Case: During a penetration test, you need to find hidden admin panels, API endpoints, or IDOR vulnerabilities. Use this skill to quickly fuzz directories, parameters, or headers, even with complex authentication, and get actionable results.
Quick Start
Basic directory fuzzing with auto-calibration (ALWAYS USE -ac)
ffuf -w /path/to/wordlist.txt -u https://target.com/FUZZ -ac
Dependency Matrix
Required Modules
ffuf
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ffuf-web-fuzzing Download link: https://github.com/danielmiessler/Personal_AI_Infrastructure/archive/main.zip#ffuf-web-fuzzing Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.