Web Application

ffuf

Fast web fuzzer for content and parameter discovery.

webfuzzing

ffuf — terminal

$ ffuf -u https://site/FUZZ -w wordlist.txt

What it does

ffuf brute-forces directories, files, virtual hosts, and parameters at high speed using wordlists. It's a core tool for mapping hidden web content and inputs.

Source

https://github.com/ffuf/ffuf ↗

More Web Application tools

SQLMapAutomated SQL injection and database takeover.CommixAutomated command-injection exploitation.FuzzDBAttack-payload and discovery wordlist library.BeEFBrowser exploitation framework.

Need hosted scanning instead of local tooling?

Run a scan in the browser →