# ffuf — Fast Web Fuzzer Written in Go

> A fast and flexible web fuzzer for directory discovery, parameter brute-forcing, and virtual host enumeration used in penetration testing.

## Quick Use

```bash
# Install
go install github.com/ffuf/ffuf/v2@latest

# Directory brute-force
ffuf -u https://target.com/FUZZ -w wordlist.txt

# Filter by status code
ffuf -u https://target.com/FUZZ -w wordlist.txt -fc 404
```

## Introduction

ffuf (Fuzz Faster U Fool) is a web fuzzer written in Go that has become the standard tool for content discovery in penetration testing. Its speed, flexibility, and clean output make it a preferred alternative to older tools like DirBuster and wfuzz.

## What ffuf Does

- Discovers hidden directories and files on web servers via wordlist-based fuzzing
- Brute-forces GET and POST parameters to find hidden endpoints
- Enumerates virtual hosts and subdomains by fuzzing the Host header
- Filters results by status code, response size, word count, or line count
- Supports multiple FUZZ keywords for multi-position fuzzing in a single request

## Architecture Overview

ffuf is a single Go binary that sends HTTP requests in parallel using a configurable number of goroutines. Each request replaces the FUZZ keyword with entries from one or more wordlists. A matcher/filter pipeline processes responses to suppress noise and surface interesting results. Results are output to stdout or saved in JSON, CSV, HTML, or Markdown format.

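
The request pattern described above, seen from the server side: a wordlist run appears in an access log as one client asking for many distinct paths in a short window, most of them answered 404. This is an added example, not code from the original page or the ffuf project; the log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_discovery_bursts(lines, window=timedelta(seconds=10),
                          min_paths=20, min_miss_ratio=0.8):
    """Return {ip: (distinct_paths, miss_ratio)} for clients that asked for
    at least min_paths distinct paths inside one window, mostly getting 404."""
    recent = defaultdict(deque)   # per-client sliding window of requests
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not in combined log format
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["path"].split("?", 1)[0], int(m["status"])))
        while ts - q[0][0] > window:
            q.popleft()           # drop requests older than the window
        paths = {p for _, p, _ in q}
        ratio = sum(s == 404 for _, _, s in q) / len(q)
        if len(paths) >= min_paths and ratio >= min_miss_ratio:
            if len(paths) > flagged.get(m["ip"], (0, 0.0))[0]:
                flagged[m["ip"]] = (len(paths), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed log: one wordlist-style burst and one ordinary visitor."""
    base = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 512 "-" "constructed-agent"'
    lines = []
    for i in range(40):           # 40 guessed paths in 4 seconds, 2 of them exist
        ts = (base + timedelta(milliseconds=100 * i)).strftime(TS_FMT)
        lines.append(row.format("203.0.113.7", ts, f"/guess{i}",
                                200 if i in (7, 31) else 404))
    pages = ["/", "/about", "/css/site.css", "/missing.png", "/contact"]
    for i, path in enumerate(pages):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(row.format("198.51.100.20", ts, path,
                                404 if path == "/missing.png" else 200))
    return lines

if __name__ == "__main__":
    print(find_discovery_bursts(sample_log()))
```

The thresholds need tuning per site: a rate-limited run spreads the same paths over a longer window, so a lower `min_paths` with a wider `window` trades more noise for coverage of slower scans.
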
## Self-Hosting & Configuration

- Install via `go install`, download a release binary, or use package managers
- Provide wordlists via `-w` (supports multiple wordlists with different FUZZ keywords)
- Configure request rate with `-rate` to avoid overwhelming targets
- Set up ffufrc config file at `~/.ffufrc` for persistent default options
- Use `-replay-proxy` to send interesting matches through Burp Suite for further analysis

## Key Features

- Multi-position fuzzing with FUZZ, FUZZ2, etc. for complex request templates
- Matcher and filter chains for status codes, sizes, words, lines, and regex
- Recursive scanning mode for automatic depth-first directory exploration
- HTTP/2 support and configurable timeouts for modern web targets
- Silent mode and machine-readable output for pipeline integration

## Comparison with Similar Tools

- **gobuster** — Go-based directory scanner, simpler but less flexible (no POST fuzzing, no multi-keyword)
- **wfuzz** — Python-based fuzzer with similar features but slower due to Python overhead
- **DirBuster** — legacy Java GUI tool, largely superseded by ffuf and gobuster
- **feroxbuster** — Rust-based recursive content discovery tool, strong at recursive crawling

## FAQ

**Q: How fast is ffuf compared to other fuzzers?**

A: ffuf typically outperforms Python-based fuzzers by 5-10x. With default settings it runs 40 concurrent threads, adjustable via `-t`.

**Q: Can ffuf be used for API endpoint discovery?**

A: Yes. Use POST method with `-X POST`, add headers with `-H`, and fuzz request bodies with `-d` to test API endpoints.

**Q: How do I reduce false positives?**

A: Use `-fc` to filter status codes, `-fs` to filter by response size, or `-fw`/`-fl` for word/line count. Run a calibration request first to identify baseline responses.

**Q: Does ffuf support authentication?**

A: Yes. Pass cookies with `-b`, headers with `-H`, or use `-replay-proxy` to route through an authenticated proxy.

## Sources

- https://github.com/ffuf/ffuf
- https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html

---

Source: https://tokrepo.com/en/workflows/asset-2c9cb5e5

Author: Script Depot