ffuf: A fast web fuzzer written in Go
ffuf is a fast web fuzzer written in Go. The project was heavily inspired by gobuster and wfuzz.
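Features
In a word: fast!
Allows fuzzing of HTTP header values, POST data, and different parts of the URL, including GET parameter names and values;
Supports silent mode (-s);
Modular architecture;
Filters and matchers that are easy to add.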
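Installation
Download a prebuilt binary from the releases page, unpack it, and run it.
If you already have the Go compiler installed, you can install ffuf with the following command:
go get github.com/ffuf/ffuf
ffuf's only dependency is Go 1.11. No dependencies outside the Go standard library are needed.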
Usage
To define the test case for ffuf, use the keyword FUZZ anywhere in the URL (-u), the headers (-H), or the POST data (-d).
  -D    DirSearch style wordlist compatibility mode. Used in conjunction with -e flag. Replaces %EXT% in wordlist entry with each of the extensions provided by -e.
  -H "Name: Value"
        Header "Name: Value", separated by colon. Multiple -H flags are accepted.
  -V    Show version information.
  -X string
        HTTP method to use (default "GET")
  -ac
        Automatically calibrate filtering options
  -c    Colorize output.
  -d string
        POST data.
  -e string
        Comma separated list of extensions to apply. Each extension provided will expand the wordlist entry once.
  -fc string
        Filter HTTP status codes from response
  -fr string
        Filter regexp
  -fs string
        Filter HTTP response size
  -fw string
        Filter by amount of words in response
  -k    Skip TLS identity verification
  -mc string
        Match HTTP status codes from response, use "all" to match every response code. (default "150,204,301,302,307,401,403")
  -mr string
        Match regexp
  -ms string
        Match HTTP response size
  -mw string
        Match amount of words in response
  -o string
        Write output to file
  -of string
        Output file format. Available formats: json, csv, ecsv (default "json")
  -p delay
        Seconds of delay between requests, or a range of random delay. For example "0.5" or "0.5-2.2"
  -r    Follow redirects
  -s    Do not print additional information (silent mode)
  -sa   Stop on all error cases. Implies -sf and -se
  -se   Stop on spurious errors
  -sf   Stop when > 96% of responses return 403 Forbidden
  -t int
        Number of concurrent threads. (default 50)
  -timeout int
        HTTP request timeout in seconds. (default 12)
  -u string
        Target URL
  -w string
        Wordlist path
  -x string
        HTTP Proxy URL
For example:
ffuf -u https://example.org/FUZZ -
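
The wordlist handling described by the -e and -D options above, as an added Go example that is not part of the original page and is not ffuf's own code. ExpandWordlist and the sample entries are hypothetical; keeping the bare entry under -e, passing entries without %EXT% through unchanged under -D, and matching %EXT% case-insensitively are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// extToken matches the placeholder named in the -D help text.
// Case-insensitive matching is an assumption of this sketch.
var extToken = regexp.MustCompile(`(?i)%ext%`)

// ExpandWordlist is a hypothetical helper, not ffuf's code. It returns the
// values that would replace FUZZ: exts is the comma separated -e value,
// dirsearch is true when -D is given.
func ExpandWordlist(entries []string, exts string, dirsearch bool) []string {
	extensions := strings.FieldsFunc(exts, func(r rune) bool { return r == ',' })
	var out []string
	for _, entry := range entries {
		switch {
		case dirsearch && len(extensions) > 0 && extToken.MatchString(entry):
			// -D: one value per extension, placeholder substituted in place.
			for _, ext := range extensions {
				out = append(out, extToken.ReplaceAllLiteralString(entry, ext))
			}
		case dirsearch || len(extensions) == 0:
			// No placeholder, or no -e: pass through unchanged (assumption).
			out = append(out, entry)
		default:
			// -e alone: keep the bare entry (assumption), then add each
			// extension once.
			out = append(out, entry)
			for _, ext := range extensions {
				out = append(out, entry+ext)
			}
		}
	}
	return out
}

func main() {
	words := []string{"admin", "index.%EXT%"} // constructed sample wordlist
	fmt.Println(ExpandWordlist(words, "php,bak", true))    // -D -e php,bak
	fmt.Println(ExpandWordlist(words, ".php,.bak", false)) // -e .php,.bak
}
```

Under these assumptions, a DirSearch-style list used without -D keeps the literal %EXT% in every generated value, and each extension passed to -e multiplies the number of requests sent.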