Fuzzing Everything

🐈‍⬛

Hi guys, I hope you’re all well and today I’ll show a lot of fuzzing techniques with ffuf which I use frequently.

Directory Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/FUZZ -ic

Extension Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/DIRECTORY/indexFUZZ

Page Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/DIRECTORY/FUZZ.EXTENSION

Recursive Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -v

Subdomain Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://FUZZ.HOST/

Vhost Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/ -H 'Host: FUZZ.HOST'

Parameter Fuzzing — GET

ffuf -w /wordlist.txt:FUZZ -u SCHEME://HOST:PORT/DIRECTORY/ENDPOINT?FUZZ=ke

Parameter Fuzzing — POST

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/DIRECTORY/ENDPOINT.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded'

Value Fuzzing

ffuf -w wordlist.txt:FUZZ -u SCHEME://HOST:PORT/DIRECTORY/ENDPOINT.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded'

There are some more techniques on my blog: https://pad1ryoshi.github.io/blog/2025/06/04/fuzzing-techniques.html

Thanks and I hope this blog can help you! Bye, see later :)