ffuf

Basic command:

ffuf -c -ic -w <path to wordlist> -o <output file> -of csv -u http://url/FUZZ

-c Adds color -ic Ignores comments in the word list

Rate limit:

ffuf -c -ic -p 2 -w <path to wordlist> -o <output file> -of csv -u http://url/FUZZ

This will limit the requests to one every two seconds. You can also add a bit of randomization to the request times by adding a range such as 2-3 for 2 to three seconds.

When you are directory busting you should also include a couple of file extensions such as .txt .php

PreviousZAP NextNikto

Last updated 4 years ago