FFUF Web Fuzzing
Fast web fuzzer for discovering hidden content, directories, files, and vulnerabilities during penetration testing
What is it?
Expert guidance for using ffuf (Fuzz Faster U Fool), a fast web fuzzer designed for discovering hidden content, directories, files, subdomains, and testing for vulnerabilities during penetration testing. Significantly faster than traditional tools like dirb or dirbuster, with a core focus on auto-calibration to dramatically reduce false positives and make results analysis easier for both humans and AI.
How to use it?
The skill emphasizes a best-practices workflow:
-
Always Use Auto-Calibration - The
-acflag is mandatory for productive pentesting. It automatically detects and filters repetitive false positives, removes noise from dynamic websites, and adapts to the target's specific behavior. -
Basic Discovery - Start with simple directory fuzzing:
ffuf -w wordlist.txt -u https://target.com/FUZZ -ac -
Authenticated Fuzzing - For complex authentication, use raw requests instead of command-line flags:
- Capture authenticated request from Burp Suite or DevTools
- Save to
req.txtwith FUZZ keyword in desired location - Run:
ffuf --request req.txt -w wordlist.txt -ac
-
Advanced Scenarios - Subdomain enumeration, parameter fuzzing, API endpoint discovery, and vulnerability testing with appropriate filtering and rate limiting.
Always save results (-o results.json -of json) and use rate limiting for stealth (-rate 2 -t 10).
Key Features
- Auto-calibration (-ac flag) - Automatically filters repetitive responses and adapts to target behavior
- High-speed fuzzing - Multi-threaded concurrent processing, significantly faster than dirb/dirbuster
- Authenticated fuzzing with raw requests - Supports JWT tokens, session cookies, CSRF tokens via captured HTTP requests
- Comprehensive testing capabilities - Directory/file discovery, subdomain enumeration, parameter fuzzing, API endpoints, vulnerability testing
- Advanced filtering system - Filter by status code, size, regex, line count; interactive mode for runtime adjustments
- Stealth features - Rate limiting and thread control for avoiding detection
- Result preservation - JSON output format for programmatic analysis and reporting
- Defensive security focus - Designed for authorized penetration testing, security research, and responsible disclosure
Related Skills
More from SecurityCodebase Auditor
Comprehensive codebase audit across 6 dimensions: architecture, code quality, security (OWASP Top 10), performance, testing coverage, and maintainability with prioritized action plan
Web App Testing
Test local web applications using Playwright for UI verification and debugging
Superpowers
A comprehensive workflow system for Claude with 20 proven development techniques
Download FFUF Web Fuzzing
FFUF Web Fuzzing is free and open source. Download it from the official source repository — clone it with git or use GitHub's Download ZIP option on the repo page — then copy the skill folder into your project's .claude/skills/ directory to install it.
If you are an AI agent
Query this directory over HTTP
This site is a searchable directory of harness components for AI coding agents. Fetch objective JSON — names, descriptions, stars, and source links. Installation and selection are yours to decide.
GET https://claudeskills.info/api/v1/search?q=ui%2Fux
GET https://claudeskills.info/api/v1/search?type=subagent&q=review
GET https://claudeskills.info/api/v1/meta
See https://claudeskills.info/llms.txt