面向中文用户和新手的统一入口,保持原有两种模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想先理清题意、又不想自己先判断何时该切到工具链或漏洞专项的场景;触发名:ctf-beginner-hub
面向 CTF 新手与综合题的统一总控 skill。保持原有两种主模式:1) 自动分流,2) 先头脑风暴再分流。分流目标既可以是 ctf-*,也可以在 Web/接口/漏洞验证阶段增强到 strix-*;适合不知道该用哪个 skill、想边做边学、又不想自己先判断何时切换到工具链或漏洞专项的场景;触发名:ctf-super-hub
Strix JWT 与 OIDC 安全测试手册,覆盖令牌伪造、算法混淆与声明篡改;触发名:strix-authentication-jwt
给中文用户和新手用的 Strix Lite 统一入口:先判断该用哪一个 strix-* 工具或漏洞测试 skill,再给最小化起手步骤;适合在 Web 安全测试、工具链使用、漏洞验证时不知道先用哪个 Strix skill 的场景;触发名:strix-beginner-hub
Strix 功能级授权缺陷测试手册,覆盖操作级权限失效、管理功能越权与 API 操作绕过;触发名:strix-broken-function-level-authorization
Strix 业务逻辑漏洞测试手册,覆盖流程绕过、状态操控与领域约束破坏;触发名:strix-business-logic
| name | Strix•ffuf 用法 |
| description | Strix ffuf 模糊测试命令手册,覆盖匹配器、过滤器与自动化友好参数;触发名:strix-ffuf |
Official docs:
Canonical syntax:
ffuf -w <wordlist> -u <url_with_FUZZ> [flags]
High-signal flags:
-u <url> target URL containing FUZZ-w <wordlist> wordlist input (supports KEYWORD mapping via -w file:KEYWORD)-mc <codes> match status codes-fc <codes> filter status codes-fs <size> filter by body size-ac auto-calibration-t <n> threads-rate <n> request rate-timeout <seconds> HTTP timeout-x <proxy_url> upstream proxy (HTTP/SOCKS)-ignore-body skip downloading response body-noninteractive disable interactive console mode-recursion and -recursion-depth <n> recursive discovery-H <header> custom headers-X <method> and -d <body> for non-GET fuzzing-o <file> -of <json|ejson|md|html|csv|ecsv> structured outputAgent-safe baseline for automation:
ffuf -w wordlist.txt -u https://target.tld/FUZZ -mc 200,204,301,302,307,401,403,405 -ac -t 20 -rate 50 -timeout 10 -noninteractive -of json -o ffuf.json
Common patterns:
ffuf -w /path/wordlist.txt -u https://target.tld/FUZZ -mc 200,204,301,302,307,401,403 -ac -t 40 -rate 200 -noninteractiveffuf -w vhosts.txt -u https://target.tld -H 'Host: FUZZ.target.tld' -fs 0 -ac -noninteractiveffuf -w values.txt -u 'https://target.tld/search?q=FUZZ' -mc all -fs 0 -ac -t 30 -noninteractiveffuf -w payloads.txt -u https://target.tld/login -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=admin&password=FUZZ' -fc 401 -noninteractiveffuf -w dirs.txt -u https://target.tld/FUZZ -recursion -recursion-depth 2 -ac -t 30 -noninteractiveffuf -w wordlist.txt -u https://target.tld/FUZZ -x http://127.0.0.1:48080 -mc 200,301,302,403 -ac -noninteractiveCritical correctness rules:
FUZZ must appear exactly at the mutation point in URL/header/body.-w file:KEYWORD, that same KEYWORD must be present in URL/header/body.-noninteractive in agent/script execution to prevent ffuf console mode from swallowing subsequent shell commands.-of json -o <file> for deterministic parsing.Usage rules:
-mc/-fc/-fs) over default-only output.-rate, -t) and scale only if target tolerance is known.-h/--help during normal execution unless absolutely necessary.Failure recovery:
C-c and rerun with -noninteractive.-mc/-fc/-fs instead of increasing load.-rate/-t and tighten scope.If uncertain, query web_search with:
site:github.com/ffuf/ffuf <flag> README