Repository inventory

jthack/ffuf_claude_skill

Skills indexed from this repository, with install-style signals scoped to the repo.
1 skills117 GitHub stars0 weekly installsPythonGitHubOwner profile

Overview

This skill provides expert guidance for using ffuf (Fuzz Faster U Fool) during web penetration tests, with a focus on authenticated fuzzing, auto-calibration, and result analysis. It explains practical commands, raw-request workflows, filtering and output options, and timing controls to run reliable, high-value scans. The goal is to help you find hidden endpoints, parameters, and vulnerabilities while minimizing noise and avoiding target disruption.

How this skill works

The skill explains how ffuf replaces the FUZZ placeholder across URLs, headers, and bodies using single or multiple wordlists and modes (clusterbomb, pitchfork, sniper). It shows how to feed raw HTTP requests for authenticated endpoints, how to enable auto-calibration (-ac) to reduce false positives, and how to apply matchers/filters to isolate meaningful responses. It also covers rate control, proxies, encoding, and output formats for automated analysis.

When to use it

  • Directory and file discovery on web servers.
  • Authenticated API and endpoint fuzzing requiring cookies, tokens, or custom headers.
  • Subdomain enumeration using virtual host header fuzzing.
  • Parameter and POST field testing for injection or logic flaws.
  • Stealth scans against production targets with rate limiting and delays

Best practices

  • Always enable auto-calibration (-ac) to remove repetitive false positives and improve analysis quality.
  • Capture full authenticated requests and use --request with FUZZ for reliable authenticated fuzzing.
  • Save results in JSON/CSV/HTML for post-processing and automated analysis.
  • Start with conservative rate/threads (-rate, -t) and increase if safe; use delays (-p) to avoid WAF/IDS.
  • Tune filters after observing a default response (use -fs, -fc, -fr) rather than guessing values.

Example use cases

  • Find hidden admin panels: ffuf -w wordlist.txt -u https://target.com/FUZZ -ac -mc 200,301,302
  • Authenticated IDOR testing: save request with FUZZ in ID, then ffuf --request req.txt -w ids.txt -ac -mc 200
  • API endpoint discovery with tokens: ffuf -w api-endpoints.txt -u https://api.target.com/v1/FUZZ -H "Authorization: Bearer TOKEN" -ac -mc 200
  • Subdomain enumeration via Host header: ffuf -w subdomains.txt -u https://target.com -H "Host: FUZZ.target.com" -ac
  • POST login brute force (stealth): ffuf -w passwords.txt -X POST -d "username=admin&password=FUZZ" -u https://target.com/login -rate 2 -ac -fc 401

FAQ

Auto-calibration identifies and filters repetitive false positives and dynamic content patterns so you focus on anomalies; it dramatically reduces noise for both human and automated analysis.

When should I use raw requests?

Use raw requests when the target requires complex auth headers, cookies, CSRF tokens, or non-standard request shapes—capture an authenticated request, place FUZZ, and run --request.

1 skills

More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational