Provided by: ffuf_1.1.0-1_amd64 bug

NAME
       ffuf - Fast web fuzzer written in Go


SYNOPSIS
            ffuf [options]


DESCRIPTION
       ffuf  is  a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery
       (without DNS records) and GET and POST parameter fuzzing.


OPTIONS
       HTTP OPTIONS:

              -H     Header "Name: Value", separated by colon. Multiple -H flags are accepted.

              -X     HTTP method to use (default: GET)

              -b     Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality.

              -d     POST data

              -r     Follow redirects (default: false)

              -recursion
                     Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it.  (default:
                     false) -recursion-depth Maximum recursion depth. (default: 0)

              -replay-proxy
                     Replay matched requests using this proxy.

              -timeout
                     HTTP request timeout in seconds. (default: 10)

              -u     Target URL

              -x     HTTP Proxy URL

       GENERAL OPTIONS:

              -V     Show version information. (default: false)

              -ac    Automatically calibrate filtering options (default: false)

              -acc   Custom auto-calibration string. Can be used multiple times. Implies -ac

              -c     Colorize output. (default: false)

              -maxtime
                     Maximum running time in seconds. (default: 0)

              -p     Seconds  of  'delay'  between  requests,  or  a range of random delay. For example "0.1" or
                     "0.1-2.0"

              -s     Do not print additional information (silent mode) (default: false)

              -sa    Stop on all error cases. Implies -sf and -se. (default: false)

              -se    Stop on spurious errors (default: false)

              -sf    Stop when > 95% of responses return 403 Forbidden (default: false)

              -t     Number of concurrent threads. (default: 40)

              -v     Verbose output, printing full  URL  and  redirect  location  (if  any)  with  the  results.
                     (default: false)

       MATCHER OPTIONS:

              -mc    Match HTTP status codes, or "all" for everything. (default: 200,204,301,302,307,401,403)

              -ml    Match amount of lines in response

              -mr    Match regexp

              -ms    Match HTTP response size

              -mw    Match amount of words in response

       FILTER OPTIONS:

              -fc    Filter HTTP status codes from response. Comma separated list of codes and ranges

              -fl    Filter by amount of lines in response. Comma separated list of line counts and ranges

              -fr    Filter regexp

              -fs    Filter HTTP response size. Comma separated list of sizes and ranges

              -fw    Filter by amount of words in response. Comma separated list of word counts and ranges

       INPUT OPTIONS:

              -D     DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)

              -e     Comma separated list of extensions. Extends FUZZ keyword.

              -ic    Ignore wordlist comments (default: false)

              -input-cmd
                     Command  producing  the  input.  --input-num  is  required  when  using  this input method.
                     Overrides -w.

              -input-num
                     Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)

              -mode  Multi-wordlist  operation  mode.  Available   modes:   clusterbomb,   pitchfork   (default:
                     clusterbomb)

              -request
                     File containing the raw http request

              -request-proto
                     Protocol to use along with raw request (default: https)

              -w     Wordlist    file    path    and    (optional)    keyword    separated    by    colon.   eg.
                     '/path/to/wordlist:KEYWORD'

       OUTPUT OPTIONS:

              -debug-log
                     Write all of the internal logging to the specified file.

              -o     Write output to file

              -od    Directory path to store matched results to.

              -of    Output file format. Available formats: json, ejson, html, md, csv, ecsv (default: json)


EXAMPLE USAGE:
       Fuzz file paths from wordlist.txt, match all  responses  but  filter  out  those  with  content-size  42.
       Colored, verbose output.  ffuf -w wordlist.txt -u https://example.org/FUZZ -mc all -fs 42 -c -v

              Fuzz  Host-header,  match HTTP 200 responses.  ffuf -w hosts.txt -u https://example.org/ -H "Host:
              FUZZ" -mc 200

              Fuzz POST JSON data. Match all responses not containing text  "error".   ffuf  -w  entries.txt  -u
              https://example.org/   -X   POST   -H   "Content-Type:   application/json"  -d  '{"name":  "FUZZ",
              "anotherkey": "anothervalue"}' -fr "error"

              Fuzz multiple locations. Match only responses reflecting the  value  of  "VAL"  keyword.  Colored.
              ffuf -w params.txt:PARAM -w values.txt:VAL -u https://example.org/?PARAM=VAL -mr "VAL" -c

              More information and examples: https://github.com/ffuf/ffuf


AUTHOR
       This  manual  page  was  written  based  on  the  author's  README  by  Pedro  Loami  Barbosa  dos Santos
       <pedro@loami.eng.br> for the Debian project (but may be used by others).

ffuf 1.0.2                                          May 2020                                             ffuf(1)