Details

Category: Fuzzing

Publisher: trickest-mhmdiaa

Created Date: 2/9/2022

Container: quay.io/trickest/ffuf:v2.1.0

Source URL: https://github.com/ffuf/ffuf

Parameters

raw
boolean
Command: -raw - Do not encode URI (default: false)
sni
string
Command: -sni - Target TLS SNI, does not support FUZZ keyword
url
string
required
Command: -u - Target URL
json
boolean
Command: -json - JSON output, printing newline-delimited JSON records (default: false)
mode
string
Command: -mode - Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork, sniper (default: clusterbomb)
rate
string
Command: -rate - Rate of requests per second (default: 0)
delay
string
Command: -p - Seconds of `delay` between requests, or a range of random delay. For example 0.1 or 0.1-2.0
http2
boolean
Command: -http2 - Use HTTP2 protocol (default: false)
config
file
Command: -config - Load configuration from a file
header
string
Command: -H - Header `Name: Value`, separated by colon
search
string
Command: -search - Search for a FFUFHASH payload from ffuf history
silent
boolean
Command: -s - Do not print additional information (silent mode) (default: false)
maxtime
string
Command: -maxtime - Maximum running time in seconds for entire process. (default: 0)
request
file
Command: -request - File containing the raw http request
threads
string
Command: -t - Number of concurrent threads. (default: 40)
timeout
string
Command: -timeout - HTTP request timeout in seconds. (default: 10)
verbose
boolean
Command: -v - Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
encoders
string
Command: -enc - Encoders for keywords, eg. 'FUZZ:urlencode b64encode'
scrapers
string
Command: -scrapers - Active scraper groups (default: all)
wordlist
file
required
Command: -w - Wordlist file path and (optional) keyword separated by colon.
input-cmd
string
Command: -input-cmd - Command producing the input. --input-num is required when using this input method. Overrides -w.
input-num
string
Command: -input-num - Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
post-data
string
Command: -d - POST data
recursion
boolean
Command: -recursion - Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
client-key
file
Command: -ck - Client key for authentication. Client certificate needs to be defined as well for this to work
extensions
string
Command: -e - Comma separated list of extensions. Extends FUZZ keyword.
match-time
string
Command: -mt - Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100
client-cert
file
Command: -cc - Client cert for authentication. Client key needs to be defined as well for this to work
cookie-data
string
Command: -b - Cookie data
filter-mode
string
Command: -fmode - Filter set operator. Either of: and, or (default: or)
filter-time
string
Command: -ft - Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
http-method
string
Command: -X - HTTP method to use (default: GET)
ignore-body
boolean
Command: -ignore-body - Do not fetch the response content. (default: false)
input-shell
string
Command: -input-shell - Shell to be used for running command
match-lines
string
Command: -ml - Match amount of lines in response
match-words
string
Command: -mw - Match amount of words in response
maxtime-job
string
Command: -maxtime-job - Maximum running time in seconds per job. (default: 0)
scraperfile
file
Command: -scraperfile - Custom scraper file path
color-output
boolean
Command: -c - Colorize output
filter-lines
string
Command: -fl - Filter by amount of lines in response. Comma separated list of line counts and ranges
filter-words
string
Command: -fw - Filter by amount of words in response. Comma separated list of word counts and ranges
match-regexp
string
Command: -mr - Match regexp
matcher-mode
string
Command: -mmode - Matcher set operator. Either of: and, or (default: or)
replay-proxy
string
Command: -replay-proxy - Replay matched requests using this proxy.
filter-regexp
string
Command: -fr - Filter regexp
output-format
string
Command: -of - Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)
request-proto
string
Command: -request-proto - Protocol to use along with raw request (default: https)
http-proxy-url
string
Command: -x - Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
autocalibration
boolean
Command: -ac - Automatically calibrate filtering options (default: false)
recursion-depth
string
Command: -recursion-depth - Maximum recursion depth. (default: 0)
follow-redirects
boolean
Command: -r - Follow redirects (default: false)
stop-on-forbidden
boolean
Command: -sf - Stop when > 95% of responses return 403 Forbidden (default: false)
match-status-codes
string
Command: -mc - Match HTTP status codes, or all for everything. (default: 200,204,301,302,307,401,403
recursion-strategy
string
Command: -recursion-strategy - Recursion strategy: default for a redirect based, and greedy to recurse on all matches (default: default)
stop-on-all-errors
boolean
Command: -sa - Stop on all error cases. Implies -sf and -se. (default: false)
filter-status-codes
string
Command: -fc - Filter HTTP status codes from response. Comma separated list of codes and ranges
match-response-size
string
Command: -ms - Match HTTP response size
filter-response-size
string
Command: -fs - Filter HTTP response size. Comma separated list of sizes and ranges
host-autocalibration
boolean
Command: -ach - Per host autocalibration (default: false)
custom-autocalibration
string
Command: -acc - Custom auto-calibration string. Can be used multiple times. Implies -ac
output-skip-empty-file
boolean
Command: -or - Don't create the output file if we don't have results (default: false)
autocalibration-keyword
string
Command: -ack - Autocalibration keyword (default: FUZZ)
stop-on-spurious-errors
boolean
Command: -se - Stop on spurious errors (default: false)
autocalibration-strategy
string
Command: -acs - Custom auto-calibration strategies. Can be used multiple times. Implies -ac
dont-fetch-response-body
boolean
Command: -ignore-body - Do not fetch the response content. (default: false)
ignore-wordlist-comments
boolean
Command: -ic - Ignore wordlist comments (default: false)
dirsearch-wordlist-compatibility-mode
boolean
Command: -D - DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)