D3F4
>Loading command center_
Fast web fuzzer written in Go. Fuzz directories, subdomains, virtual hosts, parameters, and POST data with high performance and flexible filtering.
Official docsFuzz directories on a web server using a wordlist
ffuf -u http://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txtDiscover subdomains by fuzzing the host header
ffuf -u http://target.com -H 'Host: FUZZ.target.com' -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txtFuzz for files with specific extensions
ffuf -u http://target.com/FUZZ -w wordlist.txt -e .php,.html,.txt,.bakExclude unwanted status codes from results
ffuf -u http://target.com/FUZZ -w wordlist.txt -fc 404,403,500Exclude responses matching a specific byte size
ffuf -u http://target.com/FUZZ -w wordlist.txt -fs 4242Fuzz POST parameters such as login fields
ffuf -u http://target.com/login -X POST -d 'username=FUZZ&password=test' -w usernames.txt -fc 302Discover virtual hosts by fuzzing the Host header
ffuf -u http://target.com -H 'Host: FUZZ.target.com' -w subdomains.txt -fw 839Recursively fuzz discovered directories
ffuf -u http://target.com/FUZZ -w wordlist.txt -recursion -recursion-depth 2Limit requests per second to avoid detection or throttling
ffuf -u http://target.com/FUZZ -w wordlist.txt -rate 50Save fuzzing results to a JSON file for later analysis
ffuf -u http://target.com/FUZZ -w wordlist.txt -o results.json -of jsonOnly show responses matching a specific size
ffuf -u http://target.com/FUZZ -w wordlist.txt -ms 1234Add custom headers to each fuzzing request
ffuf -u http://target.com/FUZZ -w wordlist.txt -H 'Authorization: Bearer TOKEN' -H 'X-Custom: value'