ffuf (Fuzz Faster U Fool)

Overview

ffuf is the fastest web fuzzer available — written in Go, it discovers hidden files, directories, subdomains, and API endpoints by sending thousands of requests with wordlist-based payloads. Unlike dirbuster or gobuster, ffuf supports multiple fuzzing positions (URL, headers, POST body, cookies), response filtering, and recursive scanning.

When to Use

• Discovering hidden directories and files on web servers
• Finding undocumented API endpoints
• Subdomain and virtual host enumeration
• Parameter discovery (GET/POST)
• Bug bounty reconnaissance
• Pre-pentest content discovery

Instructions

Setup