FFUF
요즘 사용하는 web fuzzer. Go라 속도가 빠르다.
Install
brew로 간단하게 설치 가능하다.
brew install ffuf
Usage
FUZZ에 -w에 옵션으로 준 워드 리스트를 넣어서 퍼징을 수행한다.
ex) URL의 FUZZ 부분에 directory-list-medium.txt의 파일을 순차적으로 퍼징
ffuf -u http://example.com/FUZZ -w ~/tool/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txtOPTIONS
- -mc: Match HTTP status codes
- -fs: Filter HTTP response size
- -fc: Filter HTTP status codes
- -fr: Filter regexp
- -c: Colorize
vHOST
ffuf -c -mc all -w ~/tool/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u http://example.com -H "Host: FUZZ.example.com" -fs 11952도메인
ffuf -u https://FUZZDOMAIN/FUZZDIR -w ./domains.txt:FUZZDOMAIN,./wordlist.txt:FUZZDIRPOST 데이터
ffuf -w usernames.txt:W1,/usr/local/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://example.com/login -fc 200ffuf -w entries.txt -u https://example.org/ -X POST -H "Content-Type: application/json" -d '{"name": "FUZZ", "anotherkey": "anothervalue"}' -fr "error"Words List
SecLists
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip && unzip SecList.zip && rm -f SecList.zipWordlists
git clone https://github.com/3ndG4me/KaliLists.git /usr/local/share/wordlists && gzip -d /usr/local/share/wordlists/rockyou.txt.gz