Skip to main content
Name:ffuf
Category:Fuzzing
Publisher:trickest
Created:6/23/2021
Container:quay.io/trickest/ffuf:v2.1.0-patch-3
Output Type:
License:Unknown

Parameters

raw
boolean
-rawDo not encode URI (default: false)
sni
string
-sniTarget TLS SNI, does not support FUZZ keyword
url
string
required
-uTarget URL
json
boolean
-jsonJSON output, printing newline-delimited JSON records (default: false)
mode
string
-modeMulti-wordlist operation mode. Available modes: clusterbomb, pitchfork, sniper (default: clusterbomb)
rate
string
-rateRate of requests per second (default: 0)
delay
string
-pSeconds of `delay` between requests, or a range of random delay. For example 0.1 or 0.1-2.0
http2
boolean
-http2Use HTTP2 protocol (default: false)
config
file
-configLoad configuration from a file
header
string
-HHeader `Name: Value`, separated by colon
search
string
-searchSearch for a FFUFHASH payload from ffuf history
silent
boolean
-sDo not print additional information (silent mode) (default: false)
maxtime
string
-maxtimeMaximum running time in seconds for entire process. (default: 0)
request
file
-requestFile containing the raw http request
threads
string
-tNumber of concurrent threads. (default: 40)
timeout
string
-timeoutHTTP request timeout in seconds. (default: 10)
verbose
boolean
-vVerbose output, printing full URL and redirect location (if any) with the results. (default: false)
encoders
string
-encEncoders for keywords, eg. 'FUZZ:urlencode b64encode'
scrapers
string
-scrapersActive scraper groups (default: all)
wordlist
file
required
-wWordlist file path and (optional) keyword separated by colon.
input-cmd
string
-input-cmdCommand producing the input. --input-num is required when using this input method. Overrides -w.
input-num
string
-input-numNumber of inputs to test. Used in conjunction with --input-cmd. (default: 100)
post-data
string
-dPOST data
recursion
boolean
-recursionScan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
client-key
file
-ckClient key for authentication. Client certificate needs to be defined as well for this to work
extensions
string
-eComma separated list of extensions. Extends FUZZ keyword.
match-time
string
-mtMatch how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100
client-cert
file
-ccClient cert for authentication. Client key needs to be defined as well for this to work
cookie-data
string
-bCookie data
filter-mode
string
-fmodeFilter set operator. Either of: and, or (default: or)
filter-time
string
-ftFilter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
header-file
file
-header-fileHeader `Name: Value`, separated by a newline
http-method
string
-XHTTP method to use (default: GET)
ignore-body
boolean
-ignore-bodyDo not fetch the response content. (default: false)
input-shell
string
-input-shellShell to be used for running command
match-lines
string
-mlMatch amount of lines in response
match-words
string
-mwMatch amount of words in response
maxtime-job
string
-maxtime-jobMaximum running time in seconds per job. (default: 0)
scraperfile
file
-scraperfileCustom scraper file path
color-output
boolean
-cColorize output
filter-lines
string
-flFilter by amount of lines in response. Comma separated list of line counts and ranges
filter-words
string
-fwFilter by amount of words in response. Comma separated list of word counts and ranges
match-regexp
string
-mrMatch regexp
matcher-mode
string
-mmodeMatcher set operator. Either of: and, or (default: or)
replay-proxy
string
-replay-proxyReplay matched requests using this proxy.
filter-regexp
string
-frFilter regexp
output-format
string
-ofOutput file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)
request-proto
string
-request-protoProtocol to use along with raw request (default: https)
http-proxy-url
string
-xProxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
autocalibration
boolean
-acAutomatically calibrate filtering options (default: false)
recursion-depth
string
-recursion-depthMaximum recursion depth. (default: 0)
follow-redirects
boolean
-rFollow redirects (default: false)
stop-on-forbidden
boolean
-sfStop when > 95% of responses return 403 Forbidden (default: false)
match-status-codes
string
-mcMatch HTTP status codes, or all for everything. (default: 200,204,301,302,307,401,403
recursion-strategy
string
-recursion-strategyRecursion strategy: default for a redirect based, and greedy to recurse on all matches (default: default)
stop-on-all-errors
boolean
-saStop on all error cases. Implies -sf and -se. (default: false)
filter-status-codes
string
-fcFilter HTTP status codes from response. Comma separated list of codes and ranges
match-response-size
string
-msMatch HTTP response size
filter-response-size
string
-fsFilter HTTP response size. Comma separated list of sizes and ranges
host-autocalibration
boolean
-achPer host autocalibration (default: false)
custom-autocalibration
string
-accCustom auto-calibration string. Can be used multiple times. Implies -ac
output-skip-empty-file
boolean
-orDon't create the output file if we don't have results (default: false)
autocalibration-keyword
string
-ackAutocalibration keyword (default: FUZZ)
stop-on-spurious-errors
boolean
-seStop on spurious errors (default: false)
autocalibration-strategy
string
-acsCustom auto-calibration strategies. Can be used multiple times. Implies -ac
dont-fetch-response-body
boolean
-ignore-bodyDo not fetch the response content. (default: false)
ignore-wordlist-comments
boolean
-icIgnore wordlist comments (default: false)
dirsearch-wordlist-compatibility-mode
boolean
-DDirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)