How to use ffuf - Hacker Toolbox

InsiderPhD
44.6K views - 4 years ago
ffuf is quickly becoming a key tool for bug bounty hunters, but how do you use it? In this video I start at the basics showing some really neat features of ffuf and how you can use some simple one-liners to do rather complex fuzzing!

Did you know this episode was sponsored by Intigriti? Sign up with my link http://go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!

ffuf is well known as a brute-forcing tool, but did you know it can be used for so much more than directory discovery?? I didn't! The FUZZ keyword is so powerful you can use it to fuzz headers, parameters, and add filters to cut down false positives. With the right wordlist ffuf can become the go-to tool for bug hunting.

Resources
- ffuf : https://github.com/ffuf/ffuf
- Installing ffuf into the PATH OSX : https://superuser.com/questions/7150/...
- Installing ffuf into the PATH Windows : https://superuser.com/questions/15560...
- SecLists : https://github.com/danielmiessler/Sec...
- TomNomNom's talk : Who, What, Where, When, Wordlist by @...
- Here are the one-liners I use: https://gist.github.com/InsiderPhD/5c...
- My ffuf translator: https://insiderphd.dev/tools/ffuf.html
- 0xatul's jq translator: https://jqplay.org/s/x8xFbIk6S8
- Patrik's jq translator: Twitter: 1301086393108758528

Connect with me
- Twitter : Twitter: InsiderPhD
- InsiderPhD Discord : Discord: discord
- Patreon : Patreon: insiderphd
Published 4 years ago, on 1399/06/12.
Viewed 44,687 times