Notes on using ffuf
ffuf is a fast scanner. It can quickly complete any scanning task you can think of.
QQ group: 397745473
References:
https://www.hackingarticles.in/comprehensive-guide-on-ffuf/ (many practical ffuf examples)
https://www.cybersecnerds.com/ffuf-everything-you-need-to-know/ (many practical ffuf examples)
http://manpages.ubuntu.com/manpages/groovy/man1/ffuf.1.html (ffuf man page)
https://github.com/ffuf/ffuf#example-usage (the official documentation is the best documentation)
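Setting up the Go environment
Reference:
https://vksec.com/2019/12/06/106_%E5%BF%AB%E9%80%9F%E6%90%AD%E5%BB%BAGolang%E6%89%AB%E6%8F%8F%E7%8E%AF%E5%A2%83/

```bash
# Go official site: https://golang.org/dl/

# Download the Go toolchain and unpack it into /usr/local
curl -o goTar.tar.gz https://dl.google.com/go/go1.16.4.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf goTar.tar.gz

# Create the workspace and persist GOPATH/PATH for future shells.
# Single quotes keep $HOME and $PATH unexpanded until ~/.bashrc is sourced.
mkdir -p ~/go
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$HOME/go/bin:/usr/local/go/bin' >> ~/.bashrc
source ~/.bashrc
```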
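Downloading and building ffuf from source

```bash
# ffuf on GitHub: https://github.com/ffuf/ffuf

# Clone into the home directory, fetch dependencies and build the binary
cd
git clone https://github.com/ffuf/ffuf.git
cd ffuf
go get
go build
```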
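Installing the Tor proxy
On a Debian system, run the following commands to install the Tor proxy.
Check the listening ports with netstat -ntpl; if something is listening on port 9050, the proxy is ready.

```bash
# Install Tor, restart the service, then list listening TCP ports
apt install tor -y
/etc/init.d/tor restart
netstat -ntpl
```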
Starting the scan
Creating the wordlist file
Put all the paths you want to scan into a single file, one per line.

```bash
vim wordlist

xxxx
xxxx
xxxxxx
```
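Running the command

```bash
# Flags used below:
#   -w wordlist file        -H extra request header    -mr match responses by regex
#   -x proxy URL            -t number of threads       -p delay between requests (seconds)
#   -rate requests/second   -ac auto-calibrate filters -o / -of output file and format
#   -or skip the output file when there are no results -u target URL    -s silent mode

# The output directory must exist before ffuf writes to it
mkdir -p results

# Through the Tor proxy. The tor service installed above listens on 9050
# (9150 is the port used by Tor Browser).
ffuf -w wordlist \
  -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4473.0 Safari/537.36" \
  -H "Connection: keep-alive" \
  -H "X-Forwarded-For: 127.0.0.1" \
  -mr "DB_NAME" \
  -x "socks5://127.0.0.1:9050" \
  -t 5 -p 0.1 -rate 10 -ac \
  -o results/$(date +%s%N).csv -of csv -or \
  -u https://www.site.com/FUZZ -s

# Or, without the proxy
ffuf -w wordlist \
  -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4473.0 Safari/537.36" \
  -H "Connection: keep-alive" \
  -H "X-Forwarded-For: 127.0.0.1" \
  -mr "DB_NAME" \
  -t 5 -p 0.1 -rate 10 -ac \
  -o results/$(date +%s%N).csv -of csv -or \
  -u https://site.com/FUZZ -s
```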
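Seen from the web server, the scan above is one peer requesting many distinct paths, mostly answered with 404, while sending a client-set X-Forwarded-For: 127.0.0.1. The following Python detector is an added example, not part of the original post; the log layout, the thresholds, the reason labels and the sample addresses and paths are all assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log layout (constructed for this example): socket peer, timestamp,
# request line, status, then the client-supplied X-Forwarded-For value.
LINE = re.compile(r'(?P<peer>\S+) \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                  r'(?P<status>\d{3}) "(?P<xff>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    m = LINE.match(line)
    if m is None:
        return None
    return (m["peer"], datetime.strptime(m["ts"], TS_FMT), m["path"],
            int(m["status"]), m["xff"])

def detect(lines, window=timedelta(seconds=10), min_paths=20, min_404_ratio=0.8):
    """Map each suspicious peer address to the reasons it was flagged."""
    by_peer = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_peer[rec[0]].append(rec)   # key on the socket peer, never on XFF
    findings = {}
    for peer, recs in by_peer.items():
        recs.sort(key=lambda r: r[1])
        reasons, start = set(), 0
        for end in range(len(recs)):  # sliding time window over this peer
            while recs[end][1] - recs[start][1] > window:
                start += 1
            win = recs[start:end + 1]
            misses = sum(r[3] == 404 for r in win)
            if len({r[2] for r in win}) >= min_paths and misses / len(win) >= min_404_ratio:
                reasons.add("path-enumeration")
                break
        # A remote peer claiming a loopback origin is sending a forged header.
        if not peer.startswith("127.") and any(r[4].startswith("127.") for r in recs):
            reasons.add("forged-xff-loopback")
        if reasons:
            findings[peer] = sorted(reasons)
    return findings

def sample_log():
    """Constructed data: one client at 10 req/s on distinct paths, one visitor."""
    t0 = datetime(2021, 5, 20, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} [{}] "GET {} HTTP/1.1" {} "{}"'.format
    scan = [row("203.0.113.7", (t0 + timedelta(seconds=i // 10)).strftime(TS_FMT),
                f"/guess{i}", 200 if i == 5 else 404, "127.0.0.1") for i in range(40)]
    visit = [row("198.51.100.23", (t0 + timedelta(seconds=12 * i)).strftime(TS_FMT),
                 "/index.html", 200, "-") for i in range(5)]
    return scan + visit

if __name__ == "__main__":
    print(detect(sample_log()))
```

When the requests arrive through Tor, the peer address is an exit relay, so the request pattern and the forged header are more durable signals than the address itself.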