一键导入
ffuf
Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Use agent-browser-cli to perceive and control the supervised Chrome browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
Use apktool for authorized Android APK resource decoding, manifest review, smali inspection, rebuild checks, and static mobile artifact triage.
Use file, 7z, unzip, tar-compatible tools, hashes, and bounded shell inspection for safe triage of provided archives and unknown files.
Use binwalk for authorized firmware, binary blob, archive, filesystem, and embedded-content triage with bounded extraction and evidence handling.
Use the pwntools-provided checksec CLI for authorized ELF hardening review, mitigation checks, and binary triage evidence.
| name | ffuf |
| description | Use ffuf for authorized web directory, parameter, and virtual-host fuzzing with bounded wordlists and rates. |
Use ffuf for authorized web content discovery, parameter fuzzing, and virtual-host checks on in-scope HTTP targets.
Before constructing commands, run the installed help and use it as the source of truth:
ffuf -h
/usr/share/seclists; do not start with broad recursive lists by default.curl, httpx, or browser review before reporting.ffuf over gobuster when arbitrary FUZZ placement, parameter fuzzing, request-header fuzzing, or structured JSON output is needed.Directory/content discovery with bounded rate and JSON output:
find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f -iname '*small*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u https://example.com/FUZZ -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-dir.json
Virtual host discovery:
find /usr/share/seclists/Discovery/DNS -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists/Discovery/DNS -maxdepth 2 -type f -iname '*subdomain*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u https://example.com/ -H 'Host: FUZZ.example.com' -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-vhost.json
Parameter fuzzing against a known endpoint:
find /usr/share/seclists/Discovery/Web-Content -maxdepth 2 -type f | sort | sed -n '1,40p'
wordlist="$(find /usr/share/seclists -maxdepth 3 -type f -iname '*param*' | sort | sed -n '1p')"
test -n "$wordlist"
test -f "$wordlist"
ffuf -u 'https://example.com/search?FUZZ=test' -w "$wordlist" -rate 50 -timeout 10 -of json -o ffuf-params.json
Use filters such as -fc, -fs, or -fw only after comparing baseline responses.
Report target scope, command used, wordlist path, filters, output path, interesting hits, and validation status.