# Run Authorized ffuf Web Fuzzing

Web teams need repeatable ways to discover hidden endpoints before attackers do. This skill turns ffuf workflows into structured, authorized DAST tasks with filtering and reporting guidance.

## Install

```bash
npx skillstore add agentsecops/dast-ffuf
```

## Metadata

- Slug: agentsecops-dast-ffuf
- Version: 0.1.0
- Author: AgentSecOps
- GitHub username: AgentSecOps
- License: MIT
- Repository: https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/appsec/dast-ffuf
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: medium
- Risk factors: external_commands, network, filesystem, env_access, scripts
- Quality score: 50
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/agentsecops-dast-ffuf
- Manifest: https://skillstore.pages.dev/api/skills/agentsecops-dast-ffuf/manifest

## Capabilities

- Explains ffuf setup and common command patterns for authorized web fuzzing.
- Guides directory, file, API endpoint, and virtual host discovery workflows.
- Shows parameter, header, cookie, and authentication endpoint fuzzing patterns.
- Describes filtering, matching, rate limiting, and output format choices.
- Maps testing activities to OWASP Web Security Testing Guide categories.
- Includes CI and security-rule templates for reporting and governance.

## Use Cases

- Pre-release Web Content Discovery: Find exposed admin paths, backup files, and unexpected endpoints on staging systems before release.
- Bug Bounty Scope Testing: Build rate-limited ffuf runs that respect program scope, filtering rules, and evidence requirements.
- CI Security Regression Checks: Add lightweight ffuf checks for sensitive paths and publish artifacts for review.

## Prompt Templates

### Plan a Basic Directory Scan

```
Create a cautious ffuf directory discovery plan for my authorized staging site. Include wordlist choice, status-code filters, rate limits, and evidence to collect.
```

### Tune Noisy Results

```
Review my ffuf result patterns and recommend filters for response size, words, lines, and status codes. Explain what each filter removes.
```

### Test Parameters Safely

```
Design an authorized parameter fuzzing workflow for this endpoint. Include safe payload handling, request headers, filtering, and manual validation steps.
```

### Build a CI DAST Gate

```
Create a CI-friendly ffuf DAST strategy for staging. Include rate limits, output formats, sensitive-file checks, artifact retention, and failure criteria.
```

## Limitations

- Does not install or execute ffuf by itself.
- Requires explicit authorization for every target before testing.
- Cannot guarantee vulnerability confirmation without manual validation.
- May create traffic volume that affects fragile systems if misconfigured.

## Best Practices

- Confirm written authorization and test scope before running any fuzzing workflow.
- Start with small wordlists, low concurrency, and clear filters before expanding coverage.
- Validate findings manually and handle discovered credentials or PII through approved channels.

## Anti-Patterns

- Running ffuf against third-party systems without explicit permission.
- Using large wordlists and high thread counts against fragile production services.
- Treating every matched response as a confirmed vulnerability without validation.

## Security Audit

- Safe to publish: true
- Audited at: 2026-06-28T05:19:28.034+00:00
- Summary: Static analysis reported many command, network, environment, script, and filesystem patterns, but review shows most are documentation examples or security-rule templates. The skill is still medium risk because it provides real ffuf network fuzzing and credential-fuzzing workflows that require authorization and rate limits. No prompt injection or confirmed malicious intent was found.

## Stats

- Views: 248
- Downloads: 5
- Favorites: 0
- Popularity score: 0
