How do I perform subdomain enumeration with this skill?

By using Ffuf with a subdomain wordlist and targeting the 'Host' header (e.g., -H 'Host: FUZZ.target.com'), you can identify virtual hosts and subdomains.

What are the different fuzzing modes like 'clusterbomb'?

Clusterbomb tests all possible combinations of multiple wordlists (Cartesian product), while Pitchfork iterates through multiple wordlists in parallel.

What is Ffuf and why should I use it?

Ffuf (Fuzz Faster U Fool) is a fast web fuzzer written in Go. It is used for discovering hidden content, subdomains, and testing for vulnerabilities, significantly outperforming older tools like Dirbuster.

Why is the auto-calibration (-ac) flag essential?

Auto-calibration automatically detects and filters repetitive false positive responses from dynamic websites, making it much easier for both humans and AI to identify genuine results.

Can I use Ffuf for authenticated fuzzing?

Yes, by using the --request flag, you can import a raw HTTP request containing session cookies or authorization headers and place the FUZZ keyword in the path or body.

Ffuf Web Fuzzing & Security

Name: Ffuf Web Fuzzing & Security
Author: lifangda

bylifangda

•

セキュリティとテスト

Performs high-speed web fuzzing and content discovery to identify hidden directories, subdomains, and security vulnerabilities.

概要

This skill equips Claude with expert-level knowledge of Ffuf (Fuzz Faster U Fool), a high-performance web fuzzer designed for security researchers and penetration testers. It enables Claude to guide users through complex fuzzing workflows, including directory discovery, subdomain enumeration, and authenticated API testing using raw HTTP requests. By leveraging auto-calibration and strategic filtering, this skill ensures precise result analysis and efficient vulnerability identification, transforming raw tool output into actionable security insights during penetration testing engagements.

主な機能

High-speed directory and file discovery with extension support
Advanced auto-calibration to eliminate noise and false positives
Multi-wordlist support with clusterbomb and pitchfork modes
16 GitHub stars
Subdomain and virtual host enumeration for attack surface mapping
Authenticated fuzzing via raw HTTP request file importing

ユースケース

Discovering hidden API endpoints and administrative interfaces
Testing authenticated endpoints for IDOR and parameter injection vulnerabilities
Mapping a target's infrastructure through subdomain and VHost discovery

概要

主な機能

High-speed directory and file discovery with extension support
Advanced auto-calibration to eliminate noise and false positives
Multi-wordlist support with clusterbomb and pitchfork modes
16 GitHub stars
Subdomain and virtual host enumeration for attack surface mapping
Authenticated fuzzing via raw HTTP request file importing

ユースケース

Discovering hidden API endpoints and administrative interfaces
Testing authenticated endpoints for IDOR and parameter injection vulnerabilities
Mapping a target's infrastructure through subdomain and VHost discovery