ffuf

ffuf is a fast web fuzzer designed for automated security workflows within Canva, specializing in directory and virtual host discovery, as well as parameter fuzzing. It efficiently uncovers vulnerabilities by probing target URLs with customizable wordlists and configurations.

Ideal Use Cases & Fit

ffuf excels in web application security assessments, particularly during the reconnaissance phase, where mapping out the application surface is critical. It is especially effective when driven by JSONL input files that specify target URLs and wordlists. The tool solves the problem of finding hidden endpoints and potential vulnerabilities. However, it is not suited to real-time attack simulations or extensive brute-force testing, because its focus is fuzzing rather than exploitation.

Value in Workflows

This tool integrates seamlessly into security workflows as an early reconnaissance step, providing valuable insights into application structures and potential attack vectors. It enhances the effectiveness of other security tools by supplying them with context regarding available endpoints. By automating the fuzzing process, ffuf saves time and resources during the assessment phase.

Input Data

ffuf expects input data in JSONL format, specifying target URLs and corresponding wordlists. The required fields include:

  • url: The target URL containing the FUZZ keyword.
  • wordlist: The path to the wordlist to be used for fuzzing.

Example:

{"url": "https://example.com/FUZZ", "wordlist": "common.txt"}
{"url": "https://test.com/admin/FUZZ", "wordlist": "common.txt"}

Configuration

  • wordlist: Specifies the default wordlist for requests if not provided in the input.
  • method: Defines the HTTP method to use (default is GET).
  • proxy: URL for the proxy server, crucial for routing HTTP requests through specified networks.
  • silent: Enables silent mode to suppress additional output information.
  • noninteractive: Disables any interactive console functions for automated workflow execution.
  • timeout: Sets the HTTP request timeout in seconds (default 10).
  • follow-redirects: Indicates whether to follow HTTP redirects.
  • rate: Adjusts the rate of requests per second, allowing for controlled fuzzing.
  • http2: Specifies whether to use the HTTP/2 protocol for improved request handling.
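As an added example (not part of this page, and not code from ffuf or the Canva workflow itself), the following Python script validates input records in the JSONL form shown under Input Data and turns each one, together with the configuration keys listed above, into an ffuf command line. The record fields, the FUZZ keyword requirement, and the GET and 10-second defaults follow the page; the mapping of configuration keys to ffuf flags (-X, -x, -s, -noninteractive, -timeout, -r, -rate, -http2) is an assumption about how the workflow passes them through to the ffuf binary. It also applies the fallback the Configuration list describes: a record without its own wordlist uses the configured default, and a record with neither is rejected before anything runs.

```python
"""Validate ffuf JSONL input records and build ffuf command lines from the
workflow configuration keys described on this page (added example)."""
import json
from typing import Optional
from urllib.parse import urlparse

# Configuration keys from the page mapped to ffuf flags.
# Assumption (not stated on the page): the workflow passes them through unchanged.
VALUE_FLAGS = {
    "method": "-X",        # HTTP method
    "proxy": "-x",         # proxy URL
    "timeout": "-timeout", # request timeout in seconds
    "rate": "-rate",       # requests per second
}
BOOL_FLAGS = {
    "silent": "-s",
    "noninteractive": "-noninteractive",
    "follow-redirects": "-r",
    "http2": "-http2",
}
# Defaults stated on the page.
DEFAULTS = {"method": "GET", "timeout": 10}


def parse_record(line: str) -> dict:
    """Parse one JSONL line and check the fields this page requires."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc}") from None
    if not isinstance(record, dict):
        raise ValueError("record must be a JSON object")
    if "url" not in record:
        raise ValueError("missing required field: url")
    url = record["url"]
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"url must be an absolute http(s) URL: {url!r}")
    if "FUZZ" not in url:
        raise ValueError("url must contain the FUZZ keyword")
    return record


def validate_line(line: str) -> Optional[str]:
    """Return None if the line is a valid record, else the rejection reason."""
    try:
        parse_record(line)
    except ValueError as exc:
        return str(exc)
    return None


def build_command(record: dict, config: Optional[dict] = None) -> list:
    """Return the ffuf argv for one record plus the workflow configuration."""
    config = {**DEFAULTS, **(config or {})}
    # Per the Configuration list, the config wordlist is the fallback.
    wordlist = record.get("wordlist") or config.get("wordlist")
    if not wordlist:
        raise ValueError("no wordlist in record and no default in config")
    argv = ["ffuf", "-u", record["url"], "-w", str(wordlist)]
    for key, flag in VALUE_FLAGS.items():
        if config.get(key) is not None:
            argv += [flag, str(config[key])]
    for key, flag in BOOL_FLAGS.items():
        if config.get(key):
            argv.append(flag)
    return argv


def build_commands(jsonl_text: str, config: Optional[dict] = None) -> list:
    """Parse every non-empty line of a JSONL document into an ffuf argv."""
    return [build_command(parse_record(line), config)
            for line in jsonl_text.splitlines() if line.strip()]


# Constructed sample input mirroring the page's example; the second record
# deliberately omits its wordlist to exercise the configured default.
SAMPLE_JSONL = """
{"url": "https://example.com/FUZZ", "wordlist": "common.txt"}
{"url": "https://test.com/admin/FUZZ"}
"""
SAMPLE_CONFIG = {
    "wordlist": "default.txt",
    "silent": True,
    "noninteractive": True,
    "timeout": 5,
    "rate": 50,
}

if __name__ == "__main__":
    for argv in build_commands(SAMPLE_JSONL, SAMPLE_CONFIG):
        print(" ".join(argv))
```

Each argv is returned as a list rather than a joined string so it can be handed to a process launcher without shell quoting; the validation step rejects a record whose URL lacks FUZZ or is not an absolute http(s) URL before any request is issued.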

By configuring these parameters, workflow builders can tailor ffuf's operation to meet specific testing needs while ensuring efficient integration into automated security assessments.

Updated: 2026-02-10