Audience

Users requiring a solution to test their code and identify vulnerabilities in their applications

About Ffuf

Ffuf is a fast web fuzzer written in Go. You can also practice your Ffuf scans against a live host with different lessons and use cases either locally by using the Docker container or against the live-hosted version. Provides virtual host discovery (without DNS records). In order to tell Ffuf about different inputs to test out, a wordlist is needed. You can supply one or more wordlists on the command line, and in case you wish (or are using multiple wordlists) you can choose a custom keyword for them. You can supply Ffuf with multiple wordlists (remember to configure a custom keyword for them though). The first word of the first wordlist is tested against all the words from the second wordlist before moving along to test the second word in the first wordlist against all the words in the second wordlist. In short, all of the different combinations are tried out. There are quite a few different ways to customize the request.

Other Popular Alternatives & Related Software
Awesome Fuzzing
Awesome Fuzzing
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
Learn more
BFuzz
BFuzz
BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato which is present in the recurve folder of BFuzz, more over BFuzz is an automation that performs the same task repeatedly and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox, however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.
Learn more
Honggfuzz
Honggfuzz
Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).
Learn more
Defensics Fuzz Testing
Defensics Fuzz Testing
Defensics Fuzz Testing is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Defensics fits nearly any development workflow, whether in a traditional SDL or CI environment. Its API and data export capabilities also enable it to integrate with surrounding technologies, making it a true plug-and-play fuzzer.
Learn more

Pricing

Starting Price:
Free
Free Version:
Free Version available.

Integrations

See Integrations

Ratings/Reviews

Overall 0.0 / 5
ease 0.0 / 5
features 0.0 / 5
design 0.0 / 5
support 0.0 / 5

This software hasn't been reviewed yet. Be the first to provide a review:

Review this Software

Company Information

Ffuf
github.com/ffuf/ffuf

Videos and Screen Captures

Ffuf Screenshot 1
Ffuf Screenshot 1 Ffuf Screenshot 2
Other Useful Business Software
Build Securely on Azure with Proven Frameworks Icon
Build Securely on Azure with Proven Frameworks

Lay a foundation for success with Tested Reference Architectures developed by Fortinet’s experts. Learn more in this white paper.

Moving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
Download Now

Product Details

Platforms Supported
Cloud
Windows
Mac
Linux
Training
Documentation
Support
Online

Ffuf Frequently Asked Questions

Q: What kinds of users and organization types does Ffuf work with?
Q: What languages does Ffuf support in their product?
Q: What kind of support options does Ffuf offer?
Q: What other applications or services does Ffuf integrate with?
Q: What type of training does Ffuf provide?
Q: How much does Ffuf cost?

Ffuf Product Features