بنقرة واحدة
ffuf
Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
Use agent-browser-cli to perceive and control the supervised Chrome browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
Use apktool for authorized Android APK resource decoding, manifest review, smali inspection, rebuild checks, and static mobile artifact triage.
Use file, 7z, unzip, tar-compatible tools, hashes, and bounded shell inspection for safe triage of provided archives and unknown files.
Use binwalk for authorized firmware, binary blob, archive, filesystem, and embedded-content triage with bounded extraction and evidence handling.
Use the pwntools-provided checksec CLI for authorized ELF hardening review, mitigation checks, and binary triage evidence.
| name | ffuf |
| description | Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates. |
Use ffuf for authorized web content discovery, parameter fuzzing, and virtual-host checks on in-scope HTTP targets.
Before constructing commands, run the installed help and use it as the source of truth:
ffuf -h
/usr/share/seclists; do not start with broad recursive lists by default.curl, httpx, or browser review before reporting.ffuf over gobuster when arbitrary FUZZ placement, parameter fuzzing, request-header fuzzing, or structured JSON output is needed.Directory/content discovery with bounded rate and JSON output:
find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f -iname '*small*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u https://example.com/FUZZ -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-dir.json
Virtual host discovery:
find /usr/share/seclists/Discovery/DNS -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists/Discovery/DNS -maxdepth 2 -type f -iname '*subdomain*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u https://example.com/ -H 'Host: FUZZ.example.com' -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-vhost.json
Parameter fuzzing against a known endpoint:
find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists -maxdepth 3 -type f -iname '*param*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u 'https://example.com/search?FUZZ=test' -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-params.json
Use filters such as -fc, -fs, or -fw only after comparing baseline responses.
Report target scope, command used, wordlist path, filters, output path, interesting hits, and validation status.