Why is auto-calibration (-ac) recommended for this skill?

Auto-calibration is essential because it automatically filters out repetitive false positives and noise from dynamic web responses, allowing Claude to focus on analyzing meaningful anomalies.

Can I use this skill for authenticated fuzzing?

Yes, the skill provides detailed instructions on using raw HTTP request files to maintain complex headers, session cookies, and JWT tokens during the fuzzing process.

How does FFUF handle multiple wordlists?

FFUF supports multiple wordlists through modes like 'clusterbomb' (Cartesian product) and 'pitchfork' (parallel iteration), which are useful for testing multiple parameters simultaneously.

FFUF (Fuzz Faster U Fool) is a high-performance web fuzzer written in Go, used to discover hidden files, directories, and vulnerabilities by substituting keywords from wordlists into HTTP requests.

FFUF Web Fuzzing Skill

Name: FFUF Web Fuzzing Skill
Author: Activer007

byActiver007

セキュリティとテスト

Streamlines web fuzzing workflows with expert guidance on FFUF for discovering hidden content, subdomains, and vulnerabilities during penetration testing.

概要

This skill empowers Claude to act as a security testing specialist, providing precise configurations for FFUF (Fuzz Faster U Fool). It covers advanced techniques such as authenticated fuzzing using raw HTTP requests, multi-wordlist strategies like clusterbomb and pitchfork, and critical auto-calibration to minimize noise. Whether you are performing directory discovery, parameter fuzzing, or subdomain enumeration, this skill ensures results are analyzed efficiently and common false positives are filtered out, delivering actionable security insights for professional audits.

主な機能

Multi-wordlist execution modes for complex parameter fuzzing
Guidance on rate limiting and stealth techniques for WAF evasion
0 GitHub stars
Automated noise reduction and result filtering via auto-calibration
Comprehensive directory, file, and subdomain discovery strategies
Advanced authenticated fuzzing using raw HTTP request files

ユースケース

Discovering hidden API endpoints and administrative directories during security audits
Identifying IDOR and authentication bypass vulnerabilities through parameter fuzzing
Mapping attack surfaces via subdomain enumeration and virtual host discovery

概要

主な機能

Multi-wordlist execution modes for complex parameter fuzzing
Guidance on rate limiting and stealth techniques for WAF evasion
0 GitHub stars
Automated noise reduction and result filtering via auto-calibration
Comprehensive directory, file, and subdomain discovery strategies
Advanced authenticated fuzzing using raw HTTP request files

ユースケース

Discovering hidden API endpoints and administrative directories during security audits
Identifying IDOR and authentication bypass vulnerabilities through parameter fuzzing
Mapping attack surfaces via subdomain enumeration and virtual host discovery