foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prepare for release 1.0 (#144)

Browse Source
This commit is contained in:
Joona Hoikkala 2020-01-30 00:28:28 +02:00 committed by GitHub
parent afece7bf2b
commit bb59f50cbe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 77 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
README.md
View File

@ -90,99 +90,84 @@ ffuf --input-cmd 'cat $FFUF_NUM.txt' -H "Content-Type: application/json" -X POST
To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`). To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-u`), headers (`-H`), or POST data (`-d`).
``` ```
Usage of ffuf: Fuzz Faster U Fool - v1.0
-D DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.
-H "Name: Value" HTTP OPTIONS:
Header "Name: Value", separated by colon. Multiple -H flags are accepted. -H Header `"Name: Value"`, separated by colon. Multiple -H flags are accepted.
-V Show version information. -X HTTP method to use (default: GET)
-X string -b Cookie data `"NAME1=VALUE1; NAME2=VALUE2"` for copy as curl functionality.
HTTP method to use (default "GET") -d POST data
-ac -r Follow redirects (default: false)
Automatically calibrate filtering options -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
-acc value -recursion-depth Maximum recursion depth. (default: 0)
Custom auto-calibration string. Can be used multiple times. Implies -ac -replay-proxy Replay matched requests using this proxy.
-b "NAME1=VALUE1; NAME2=VALUE2" -timeout HTTP request timeout in seconds. (default: 10)
Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality. -u Target URL
Results unpredictable when combined with -H "Cookie: ..." -x HTTP Proxy URL
-c Colorize output.
-compressed GENERAL OPTIONS:
Dummy flag for copy as curl functionality (ignored) (default true) -V Show version information. (default: false)
-cookie value -ac Automatically calibrate filtering options (default: false)
Cookie data (alias of -b) -acc Custom auto-calibration string. Can be used multiple times. Implies -ac
-d string -c Colorize output. (default: false)
POST data -maxtime Maximum running time in seconds. (default: 0)
-data string -p Seconds of `delay` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
POST data (alias of -d) -s Do not print additional information (silent mode) (default: false)
-data-ascii string -sa Stop on all error cases. Implies -sf and -se. (default: false)
POST data (alias of -d) -se Stop on spurious errors (default: false)
-data-binary string -sf Stop when > 95% of responses return 403 Forbidden (default: false)
POST data (alias of -d) -t Number of concurrent threads. (default: 40)
-debug-log string -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
Write all of the internal logging to the specified file.
-e string MATCHER OPTIONS:
Comma separated list of extensions to apply. Each extension provided will extend the wordlist entry once. Only extends a wordlist with (default) FUZZ keyword. -mc Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403)
-fc string -ml Match amount of lines in response
Filter HTTP status codes from response. Comma separated list of codes and ranges -mr Match regexp
-fl string -ms Match HTTP response size
Filter by amount of lines in response. Comma separated list of line counts and ranges -mw Match amount of words in response
-fr string
Filter regexp FILTER OPTIONS:
-fs string -fc Filter HTTP status codes from response. Comma separated list of codes and ranges
Filter HTTP response size. Comma separated list of sizes and ranges -fl Filter by amount of lines in response. Comma separated list of line counts and ranges
-fw string -fr Filter regexp
Filter by amount of words in response. Comma separated list of word counts and ranges -fs Filter HTTP response size. Comma separated list of sizes and ranges
-i Dummy flag for copy as curl functionality (ignored) (default true) -fw Filter by amount of words in response. Comma separated list of word counts and ranges
-input-cmd value
Command producing the input. --input-num is required when using this input method. Overrides -w. INPUT OPTIONS:
-input-num int -D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
Number of inputs to test. Used in conjunction with --input-cmd. (default 100) -e Comma separated list of extensions. Extends FUZZ keyword.
-k TLS identity verification -ic Ignore wordlist comments (default: false)
-maxtime int -input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w.
Maximum running time in seconds. (default 0 = inf.) -input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
-mc string -mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default: clusterbomb)
Match HTTP status codes from respose, use "all" to match every response code. (default "200,204,301,302,307,401,403") -request File containing the raw http request
-ml string -request-proto Protocol to use along with raw request (default: https)
Match amount of lines in response -w Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
-mode string
Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork (default "clusterbomb") OUTPUT OPTIONS:
-mr string -debug-log Write all of the internal logging to the specified file.
Match regexp -o Write output to file
-ms string -od Directory path to store matched results to.
Match HTTP response size -of Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)
-mw string
Match amount of words in response EXAMPLE USAGE:
-o string Fuzz file paths from wordlist.txt, match all responses but filter out those with content-size 42.
Write output to file Colored, verbose output.
-od string ffuf -w wordlist.txt -u https://example.org/FUZZ -mc all -fs 42 -c -v
Directory path to store matched results to.
-of string Fuzz Host-header, match HTTP 200 responses.
Output file format. Available formats: json, ejson, html, md, csv, ecsv (default "json") ffuf -w hosts.txt -u https://example.org/ -H "Host: FUZZ" -mc 200
-p delay
Seconds of delay between requests, or a range of random delay. For example "0.1" or "0.1-2.0" Fuzz POST JSON data. Match all responses not containing text "error".
-r Follow redirects ffuf -w entries.txt -u https://example.org/ -X POST -H "Content-Type: application/json" \
-s Do not print additional information (silent mode) -d '{"name": "FUZZ", "anotherkey": "anothervalue"}' -fr "error"
-sa
Stop on all error cases. Implies -sf and -se. Also stops on spurious 429 response codes. Fuzz multiple locations. Match only responses reflecting the value of "VAL" keyword. Colored.
-se ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c
Stop on spurious errors
-sf More information and examples: https://github.com/ffuf/ffuf
Stop when > 95% of responses return 403 Forbidden
-t int
Number of concurrent threads. (default 40)
-timeout int
HTTP request timeout in seconds. (default 10)
-u string
Target URL
-v Verbose output, printing full URL and redirect location (if any) with the results.
-w value
Wordlist file path and (optional) custom fuzz keyword, using colon as delimiter. Use file path '-' to read from standard input. Can be supplied multiple times. Format: '/path/to/wordlist:KEYWORD'
-x string
HTTP Proxy URL
``` ```
eg. `ffuf -u https://example.org/FUZZ -w /path/to/wordlist`
## License ## License
ffuf is released under MIT license. See [LICENSE](https://github.com/ffuf/ffuf/blob/master/LICENSE). ffuf is released under MIT license. See [LICENSE](https://github.com/ffuf/ffuf/blob/master/LICENSE).

2
pkg/ffuf/const.go
View File

@ -2,5 +2,5 @@ package ffuf
const ( const (
//VERSION holds the current version number //VERSION holds the current version number
VERSION = "1.0-rc1" VERSION = "1.0"
) )