[HTB] Attacking Web Applications with Ffuf

chwrld · 6 January 2025

Hack The Box


💡 Web fuzzing can be done with the FFUF tool.

FFUF GitHub

==========Directory Fuzzing
ffuf -w ./SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://83.136.254.177:53737/FUZZ -t 1000

==========Page Fuzzing
ffuf -w ./Seclists/Discovery/Web-Content/directory-list-2.3-small.txt -u http://83.136.254.177:53737/blog/FUZZ.php

==========Recursive Fuzzing
ffuf -w ./Seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://83.136.254.177:53737/FUZZ -recursion -recursion-depth 1 -e .php -v -fs 986

ffuf -w ./SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://83.136.254.177:53737/forum/FUZZ.php -t 1000

==========DNS Record
ffuf -w ./SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.inlanefreight.com/

==========Filtering Result
ffuf -w ./SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:56733/ -H 'Host: FUZZ.academy.htb' -fs 986
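Added example, not from the original post: the `-fs 986` above exists because a catch-all virtual host answers every `Host:` value with the same default page, so the interesting responses are the ones whose size differs. This script reads ffuf's JSON output (assumed layout of `-o out.json -of json`: `results[].input.FUZZ`, `status`, `length`) from a constructed sample and derives that baseline size automatically instead of reading it off a first run.

```python
import json
from collections import Counter

# Constructed sample in the layout ffuf writes with `-o out.json -of json`
# (assumed fields). Three vhosts get the 986-byte catch-all page, one does not.
SAMPLE_JSON = json.dumps({"results": [
    {"input": {"FUZZ": "www"},   "status": 200, "length": 986},
    {"input": {"FUZZ": "mail"},  "status": 200, "length": 986},
    {"input": {"FUZZ": "admin"}, "status": 200, "length": 0},
    {"input": {"FUZZ": "test"},  "status": 200, "length": 986},
]})


def load_results(raw):
    """Return (payload, status, length) tuples from ffuf's JSON output."""
    data = json.loads(raw)
    return [(r["input"]["FUZZ"], r["status"], r["length"]) for r in data["results"]]


def baseline_length(results):
    """The most common response length is the catch-all page: the value
    you would otherwise hard-code with `-fs <size>` (ffuf's `-ac` estimates it)."""
    return Counter(length for _, _, length in results).most_common(1)[0][0]


def filter_hits(results, fs=None):
    """Drop results whose length is in `fs` (int or collection, like `-fs 287,284`).
    When fs is None, the baseline length is used, so no first run is needed."""
    if fs is None:
        sizes = {baseline_length(results)}
    elif isinstance(fs, int):
        sizes = {fs}
    else:
        sizes = set(fs)
    return [r for r in results if r[2] not in sizes]


if __name__ == "__main__":
    hits = load_results(SAMPLE_JSON)
    print("baseline size:", baseline_length(hits))
    for payload, status, length in filter_hits(hits):
        print(f"{payload}: status={status} length={length}")
```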

========= Parameter Fuzzing - GET
ffuf -w ./SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb:56733/admin/admin.php?FUZZ=key -fs 798

========= Parameter Fuzzing - POST
ffuf -w ./SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb:56733/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs 798
curl admin.academy.htb:56733/admin/admin.php -X POST -d 'id=key' -H 'Content-Type: application/x-www-form-urlencoded'

========= Value Fuzzing
ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:56733/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs 768
curl -d "id=73" http://admin.academy.htb:56733/admin/admin.php

========= Skills Assessment - Web Fuzzing
Q1. Enter the answers in alphabetical order, separated by spaces (e.g. alpha, beta ..)
ffuf -w ./SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:57733 -H "Host: FUZZ.academy.htb" -fs 985

Q2. (e.g. .ext1, .ext2, .ext3 ..)
ffuf -w ./SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://academy.htb:57733/indexFUZZ
ffuf -w ./SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://test.academy.htb:57733/indexFUZZ
ffuf -w ./SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://archive.academy.htb:57733/indexFUZZ
ffuf -w ./SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://faculty.academy.htb:57733/indexFUZZ

Q3.
ffuf -w ./Seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://faculty.academy.htb:40734/FUZZ -recursion -recursion-depth 1 -e .php,.phps,.php7 -v -t 1000 -fs 287,284 -ic;
ffuf -w ./Seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://faculty.academy.htb:40734/courses/FUZZ -recursion -recursion-depth 1 -e .php,.phps,.php7 -v -t 1000 -fs 287,284 -ic;

Q4.
ffuf -w ./Seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://faculty.academy.htb:44030/courses/linux-security.php7 -X POST -d "FUZZ=bvasw" -H "Content-Type: application/x-www-form-urlencoded" -fs 774

Q5.
ffuf -w ./SecLists/Usernames/xato-net-10-million-usernames.txt:FUZZ -u http://faculty.academy.htb:32528/courses/linux-security.php7 -X POST -d "username=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -t 1000 -fs 781
curl http://faculty.academy.htb:32528/courses/linux-security.php7 -X POST -d "username=Harry" -H "Content-Type: application/x-www-form-urlencoded"
