- Home
- Skills
- Jthack
- Ffuf Claude Skill
- Ffuf Skill
ffuf-skill_skill
- Python
117
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill jthack/ffuf_claude_skill --skill ffuf-skill- ffuf_helper.py7.2 KB
- SKILL.md17.0 KB
Overview
This skill provides expert guidance for using ffuf (Fuzz Faster U Fool) during web penetration tests, with a focus on authenticated fuzzing, auto-calibration, and result analysis. It explains practical commands, raw-request workflows, filtering and output options, and timing controls to run reliable, high-value scans. The goal is to help you find hidden endpoints, parameters, and vulnerabilities while minimizing noise and avoiding target disruption.
How this skill works
The skill explains how ffuf replaces the FUZZ placeholder across URLs, headers, and bodies using single or multiple wordlists and modes (clusterbomb, pitchfork, sniper). It shows how to feed raw HTTP requests for authenticated endpoints, how to enable auto-calibration (-ac) to reduce false positives, and how to apply matchers/filters to isolate meaningful responses. It also covers rate control, proxies, encoding, and output formats for automated analysis.
When to use it
- Directory and file discovery on web servers.
- Authenticated API and endpoint fuzzing requiring cookies, tokens, or custom headers.
- Subdomain enumeration using virtual host header fuzzing.
- Parameter and POST field testing for injection or logic flaws.
- Stealth scans against production targets with rate limiting and delays
Best practices
- Always enable auto-calibration (-ac) to remove repetitive false positives and improve analysis quality.
- Capture full authenticated requests and use --request with FUZZ for reliable authenticated fuzzing.
- Save results in JSON/CSV/HTML for post-processing and automated analysis.
- Start with conservative rate/threads (-rate, -t) and increase if safe; use delays (-p) to avoid WAF/IDS.
- Tune filters after observing a default response (use -fs, -fc, -fr) rather than guessing values.
Example use cases
- Find hidden admin panels: ffuf -w wordlist.txt -u https://target.com/FUZZ -ac -mc 200,301,302
- Authenticated IDOR testing: save request with FUZZ in ID, then ffuf --request req.txt -w ids.txt -ac -mc 200
- API endpoint discovery with tokens: ffuf -w api-endpoints.txt -u https://api.target.com/v1/FUZZ -H "Authorization: Bearer TOKEN" -ac -mc 200
- Subdomain enumeration via Host header: ffuf -w subdomains.txt -u https://target.com -H "Host: FUZZ.target.com" -ac
- POST login brute force (stealth): ffuf -w passwords.txt -X POST -d "username=admin&password=FUZZ" -u https://target.com/login -rate 2 -ac -fc 401
FAQ
Auto-calibration identifies and filters repetitive false positives and dynamic content patterns so you focus on anomalies; it dramatically reduces noise for both human and automated analysis.
When should I use raw requests?
Use raw requests when the target requires complex auth headers, cookies, CSRF tokens, or non-standard request shapes—capture an authenticated request, place FUZZ, and run --request.