#!/bin/bash
# -----------------------------------------
# ✅ ffuf 설치 (Kali 기준)
# -----------------------------------------
# 최신 설치: go 필요
# go install github.com/ffuf/ffuf/v2@latest
# 기본 설치:
# sudo apt install ffuf
# -----------------------------------------
# ✅ FUZZ 개념 설명
# -----------------------------------------
# ffuf는 URL, 헤더, 쿠키, POST 데이터, JSON 등에서 "FUZZ" 키워드를 찾아
# wordlist의 값들을 반복 대입해서 요청을 날리는 브루트포싱 도구이다.
# 예: http://target/FUZZ + wordlist.txt (admin, test) =>
# http://target/admin, http://target/test 요청됨
# 다양한 위치에 FUZZ 삽입 가능
# -----------------------------------------
# ✅ 디렉토리/파일 브루트포스
# -----------------------------------------
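# -----------------------------------------
# Directory / file brute force
# -----------------------------------------
# NOTE(review): every ffuf line in this file is a live command, not an example
# inside a comment -- executing the file runs all of them in order against the
# placeholder host "target". URLs are single-quoted throughout so that "?" and
# "&" are never seen by the shell (pathname expansion / job control); the two
# GET examples below would otherwise be subject to glob matching.
ffuf -u 'http://target/FUZZ' -w '/usr/share/seclists/Discovery/Web-Content/common.txt'
# -e appends each listed extension to every wordlist entry
ffuf -u 'http://target/FUZZ' -w 'words.txt' -e '.php,.bak,.zip'
# follow discovered directories, at most two levels deep
ffuf -u 'http://target/FUZZ' -w 'words.txt' -recursion -recursion-depth 2
# -----------------------------------------
# GET parameter fuzzing (e.g. SQLi payload list)
# -----------------------------------------
ffuf -u 'http://target/page.php?id=FUZZ' -w 'sqli.txt'
# -----------------------------------------
# POST parameter fuzzing
# -----------------------------------------
ffuf -X POST -d "user=admin&pass=FUZZ" \
  -u 'http://target/login.php' \
  -w 'passwords.txt' \
  -H "Content-Type: application/x-www-form-urlencoded"
# -----------------------------------------
# Blind SQL injection, time-based
# -----------------------------------------
# -timeout 10: per-request HTTP timeout in seconds; -p 1: one-second delay
# between requests (presumably to keep payload-induced delays distinguishable
# from ordinary server latency -- tune to the target).
ffuf -X POST -d "u=admin&p=FUZZ" \
  -u 'http://target/login' \
  -w 'sleep_payloads.txt' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -timeout 10 -p 1
# -----------------------------------------
# Fuzzing a field inside a JSON body
# -----------------------------------------
ffuf -u 'http://target/api' \
  -X POST \
  -d '{"username":"admin", "password":"FUZZ"}' \
  -w 'pass.txt' \
  -H "Content-Type: application/json"
# -----------------------------------------
# Header fuzzing: User-Agent
# -----------------------------------------
ffuf -u 'http://target/' -w 'ua.txt' -H "User-Agent: FUZZ"
# -----------------------------------------
# Cookie value fuzzing (-b sets the Cookie request header)
# -----------------------------------------
ffuf -u 'http://target/dashboard' -w 'sqli.txt' -b "session=FUZZ"
# -----------------------------------------
# Host header fuzzing (virtual host discovery)
# -----------------------------------------
ffuf -u 'http://target/' -w 'vhosts.txt' -H "Host: FUZZ"
# -----------------------------------------
# Referer fuzzing
# -----------------------------------------
ffuf -u 'http://target/' -w 'referer.txt' -H "Referer: FUZZ"
# -----------------------------------------
# Content-Type fuzzing on an upload endpoint
# -----------------------------------------
ffuf -u 'http://target/upload' \
  -X POST -d "file=data" \
  -w 'ct.txt' -H "Content-Type: FUZZ"
# -----------------------------------------
# Multiple keywords: FUZZ1, FUZZ2 (one wordlist bound to each keyword)
# -----------------------------------------
# With two lists ffuf's default -mode is clusterbomb: every combination is
# tried, so the request count is |users.txt| x |passwords.txt|.
ffuf -X POST -d "u=FUZZ1&p=FUZZ2" \
  -u 'http://target/login' \
  -w 'users.txt:FUZZ1' -w 'passwords.txt:FUZZ2' \
  -H "Content-Type: application/x-www-form-urlencoded"
# -----------------------------------------
# Response filtering (status code, body content, size)
# -----------------------------------------
ffuf -u 'http://target/FUZZ' -w 'wordlist.txt' -mc 200,302    # keep only these status codes
ffuf -u 'http://target/FUZZ' -w 'wordlist.txt' -fc 404        # drop this status code
ffuf -u 'http://target/FUZZ' -w 'wordlist.txt' -mr "Welcome"  # keep bodies matching the regex
ffuf -u 'http://target/FUZZ' -w 'wordlist.txt' -fs 1234       # drop responses of this byte size
# -----------------------------------------
# Saving results
# -----------------------------------------
ffuf -u 'http://target/FUZZ' -w 'wordlist.txt' -o 'out.json' -of json
# -----------------------------------------
# LFI detection
# -----------------------------------------
# keeps only 200 responses whose body contains raw PHP source
ffuf -u 'http://target/index.php?file=FUZZ' \
  -w '/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt' \
  -mr "<?php" -mc 200
# -----------------------------------------
# Command injection
# -----------------------------------------
ffuf -X POST -d "ip=FUZZ" \
  -u 'http://target/ping' \
  -w 'cmd_payloads.txt' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -mr "icmp_seq"
# -----------------------------------------
# Subdomain brute force
# -----------------------------------------
# The keyword is in the URL host, so each candidate must resolve in DNS
# before a request is sent.
ffuf -u 'http://FUZZ.target.com' -w 'subdomains.txt' -H "Host: FUZZ.target.com"
# -----------------------------------------
# VHost discovery via the Host header
# -----------------------------------------
# The connection goes to the fixed host "target"; only the Host header varies.
ffuf -u 'http://target/' -w 'vhosts.txt' -H "Host: FUZZ.site.com"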
# -----------------------------------------
# ✅ 참고: wordlist 종류 (Kali 기본)
# -----------------------------------------
# /usr/share/seclists/Discovery/Web-Content/
# /usr/share/seclists/Fuzzing/LFI*
# /usr/share/seclists/Discovery/DNS/*
# /usr/share/seclists/Fuzzing/Command-Injection.txt
# /usr/share/seclists/Usernames/Default-Credentials*
# -----------------------------------------
# ✅ 팁
# - 단순 FUZZ 자리에만 넣을 수 있는 것이 아님
# - 헤더/쿠키/Body 등 대부분 위치에 삽입 가능
# - ffuf는 빠르고 가볍고 결과 정리도 좋아서 OSCP 시험에서도 매우 유용
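# Run ffuf once per *.txt wordlist in the current directory and accumulate the
# hits into ffuf_results.txt.
#
# Fixes over the naive loop:
#  - the accumulator ffuf_results.txt itself matches *.txt, so on a re-run it
#    would be fed back in as a wordlist; it is skipped explicitly;
#  - an unmatched glob leaves the literal "*.txt", which is skipped;
#  - temp_result.csv is removed before each run so a failed ffuf cannot cause
#    the previous iteration's results to be appended a second time.
for wordlist in *.txt; do
  [[ -e "$wordlist" ]] || continue
  [[ "$wordlist" == "ffuf_results.txt" ]] && continue
  printf '[*] Running with: %s\n' "$wordlist" >> ffuf_results.txt
  rm -f -- temp_result.csv
  if ! ffuf -u 'http://10.10.146.217/mbilling/FUZZ' \
      -w "$wordlist" \
      -mc 200,301,302,403 \
      -t 40 \
      -of csv \
      -o temp_result.csv; then
    printf '[!] ffuf failed for %s\n' "$wordlist" >> ffuf_results.txt
    continue
  fi
  # Accumulate hits only, dropping the CSV header line.
  if [[ -f temp_result.csv ]]; then
    tail -n +2 temp_result.csv >> ffuf_results.txt
  fi
  printf '\n' >> ffuf_results.txt
done
rm -f -- temp_result.csv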