Why is auto-calibration (-ac) emphasized in this skill?

Auto-calibration helps FFUF distinguish between genuine responses and dynamic error pages, significantly reducing false positives and making the output much easier for Claude and humans to analyze.

Does this skill provide advice on wordlists?

It recommends the most effective wordlists from the SecLists collection for various tasks, including directory discovery, parameter names, and subdomain enumeration.

Can I use this skill for authenticated fuzzing?

Yes, the skill provides specific guidance on using raw HTTP requests captured from tools like Burp Suite to fuzz endpoints that require cookies, JWTs, or complex headers.

How does this skill handle rate limiting?

It includes standardized flags for the -rate and -p parameters to ensure scans are stealthy and do not overwhelm the target server or trigger WAF protections.

FFUF Web Fuzzing

Name: FFUF Web Fuzzing
Author: pur3v4d3r

bypur3v4d3r

•

보안 및 테스팅

Optimizes web fuzzing and discovery tasks using FFUF to identify hidden directories, subdomains, and potential vulnerabilities.

소개

This skill transforms Claude into a security testing expert by providing optimized FFUF (Fuzz Faster U Fool) configurations for rapid web discovery. It specializes in sophisticated fuzzing techniques, including authenticated testing via raw HTTP requests, noise reduction through mandatory auto-calibration, and multi-wordlist strategies like clusterbomb and pitchfork. By leveraging these patterns, users can efficiently map attack surfaces and perform deep security audits while maintaining control over rate limits and output analysis.

주요 기능

Authenticated fuzzing via raw HTTP request integration
Expert directory and hidden file discovery configurations
Advanced rate-limiting and stealth fuzzing patterns
Subdomain and parameter enumeration strategies
1 GitHub stars
Intelligent noise reduction using auto-calibration flags

사용 사례

Mapping subdomains and virtual hosts for comprehensive attack surface analysis
Testing authenticated API endpoints for IDOR and access control issues
Discovering administrative panels and sensitive configuration files

소개

주요 기능

Authenticated fuzzing via raw HTTP request integration
Expert directory and hidden file discovery configurations
Advanced rate-limiting and stealth fuzzing patterns
Subdomain and parameter enumeration strategies
1 GitHub stars
Intelligent noise reduction using auto-calibration flags

사용 사례

Mapping subdomains and virtual hosts for comprehensive attack surface analysis
Testing authenticated API endpoints for IDOR and access control issues
Discovering administrative panels and sensitive configuration files