Cheat Sheet
Comando
Descrição
ffuf -h
ajuda
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ
Fuzzing de diretório
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ
Fuzzing de extensão
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php
Fuzzing de página
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v
Fuzzing recursivo
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/
Fuzzing de subdomínio
ffuf -w wordlist.txt:FUZZ -u http://academy.htb:PORT/ -H 'Host: FUZZ.academy.htb' -fs xxx
Fuzzing VHost
ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx
Fuzzing de parâmetros - GET
ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
Fuzzing de parâmetros - POST
ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
Fuzzing de valor
Wordlists
Comando
Descrição
/opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt
Lista de palavras de diretório/página
/opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt
Lista de palavras de extensões
/opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
Lista de palavras de domínio
/opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt
Lista de palavras de parâmetros
Misc
sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'
Adicionar entrada DNS
for i in $(seq 1 1000); do echo $i >> ids.txt; done
Criar lista de palavras de sequência
curl http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=key' -H 'Content-Type: application/x-www-form-urlencoded'
enrolar com POST
Last updated