dast-ffuf
Discover hidden web resources with ffuf fuzzing
Identify hidden directories, files, and parameters in web applications that could expose vulnerabilities. Use this skill to perform comprehensive reconnaissance during authorized security testing with the high-performance ffuf fuzzer.
Download skill ZIP
Upload in Claude: go to Settings → Capabilities → Skills → Upload skill, turn on the toggle, and start using it.
Try it out
Using "dast-ffuf": Run ffuf directory enumeration on https://example.com with a common wordlist
Expected result:
- Discovered 47 directories/files:
  - /admin (403) - Restricted access
  - /api/v1 (200) - API endpoint
  - /backup (200) - Backup directory
  - /config (401) - Configuration files
  - /wp-admin (200) - WordPress admin
- Run deeper enumeration on discovered paths with file extensions (.bak, .sql, .zip)
Using "dast-ffuf": Fuzz parameters on a login form to find hidden inputs
Expected result:
- Found 12 hidden parameters:
  - debug (200) - May reveal additional information
  - redirect (302) - Possible open redirect vulnerability
  - callback (200) - Potential JSONP endpoint
  - token (401) - Missing or invalid token required
- Test discovered parameters for injection vulnerabilities
Using "dast-ffuf": Discover virtual hosts on target domain
Expected result:
- Identified 5 valid virtual hosts:
  - dev.target.com (200) - Development environment
  - staging.target.com (200) - Staging environment
  - admin.target.com (403) - Admin interface exposed
  - api.target.com (200) - API server
  - git.target.com (401) - Git server detected
- Each vhost should be enumerated separately
Security audit
Safe: Documentation-only skill providing guidance for ffuf, a legitimate open-source DAST tool. All static findings are in markdown files and YAML templates showing example commands. No executable code, network operations, or credential access is present in the skill itself. Heuristic alerts trigger on expected DAST tool patterns (command execution, network requests, credential handling), which are legitimate functionality for web fuzzing.
Risk factors
External commands (2)
Network access (2)
Environment variables (1)
Script included (1)
Detection definitions
What you can build
Web reconnaissance
Discover hidden endpoints and directories during authorized penetration tests
CI/CD security testing
Integrate directory fuzzing into automated security pipelines
DAST reconnaissance
Perform comprehensive web application reconnaissance before detailed testing
Try these prompts
Use ffuf to enumerate directories on https://target.example.com using a common wordlist. Show only 200 and 403 status codes.
Fuzz GET parameter names on https://api.target.com/endpoint to discover hidden parameters using ffuf with appropriate filtering.
Discover virtual hosts on target.example.com using ffuf with Host header fuzzing. Filter by response size to identify valid vhosts.
Use ffuf in clusterbomb mode to test username and password combinations on https://target.com/login. Show matched responses only.
Best practices
- Obtain written authorization before testing any target system
- Start with small wordlists and increase size gradually to avoid overwhelming targets
- Use rate limiting (-p and -t flags) to respect target resources
Avoid
- Testing systems without proper authorization
- Using maximum concurrency without considering target capacity
- Ignoring false positive filtering, causing noise in results
Frequently asked questions
What external tools does this skill require?
What wordlists should I use?
Can I integrate this with CI/CD pipelines?
Is credential fuzzing legal?
How do I reduce false positives?
How does this differ from other DAST tools?
Developer details
File structure