Generate ffuf flag recommendations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for darkmage from gravatar.com darkmage

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License

Author: darkmage

Requires: Python >=3.6

Classifiers

Project description

ffuflags (formerly parse_ffuf)

A way to generate filter flags for ffuf from a previous fuzz + more to come!

Motivation

Typically, an ffuf user will use the -ac autocalibration flag in order to automatically apply filters based off of initial tests ffuf will do before beginning a full fuzz.

However, in my experience, I have found that the initial autocalibration ends up missing a lot of values that could be filtered-out.

Manually-writing filter flags has been time-consuming, but I realized that I could automate the process with my current (and possibly overall) favorite programming language: Python!

What this does is generate a string representing flags that are to be passed to ffuf.

I have a fuzzing script to help manage configuration options that I regularly pass into ffuf, so as an example in a script, you could do something like this:

ffuf -X GET -w $WORDLIST0 $FLAGS -u "$1/FUZZ" $HEADERS -o $OUTFILE_SMALL;
FILTER=$(python3 -m ffuflags -i "$OUTFILE_SMALL");
ffuf -X GET -w $WORDLIST1 $FLAGS $FILTER -u "$1/FUZZ" $HEADERS -o $OUTFILE_BIG;

Usage

python3 -m ffuflags -v -i <input_file> [-s | -p | -c <status_code>]
python3 -m ffuflags --verbose --input <input_file> [--sort-by-value | --sort-by-param | --code <status_code>]

Example

Simple Usage

python3 -m ffuflags -i myfuzz.json

Filtering status codes from which flags you generate

python3 -m ffuflags -i myfuzz.json -c 200
python3 -m ffuflags -i myfuzz.json --code 200
python3 -m ffuflags -i myfuzz.json -c 200,404
python3 -m ffuflags -i myfuzz.json --code 200,404

Print Extra Table of Results by Category (status code, length, duration, words, lines)

python3 -m ffuflags -v -i myfuzz.json 
python3 -m ffuflags --verbose -i myfuzz.json

Sorting the Extra Table of Results

python3 -m ffuflags -v -s -i myfuzz.json 
python3 -m ffuflags -v --sort-by-value -i myfuzz.json 
python3 -m ffuflags -v --sort-by-param -i myfuzz.json

Did you find this tool helpful?

Please consider sending me crypto through one of these addresses:

Bitcoin: 38p6p4gLqfvZ4LShmWpNnphN1TjB8WgT8M Litecoin: MU8YSVUVwKDiaQfPurW8cVzxjbeZc2qv2S Ethereum: 0xC8E4ac8ee54698dDf47d7343e12aB83985F3900A Monero: 87eZsjdCFHtQXEf4A2Mer1XjJmLmD6N1b2maovAR4XtSYs4EupxZB7UfmG9eyb8qXpVvR9HdsEpf7K3A762w3LcNTg1fLTC

Or, you can become a patron on my Patreon page!

I stream regularly on Twitch as well at: https://www.twitch.tv/darkmage666

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for darkmage from gravatar.com darkmage

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License

Author: darkmage

Requires: Python >=3.6

Classifiers

Release history Release notifications | RSS feed

This version

0.0.1.2

0.0.1.1

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ffuflags-0.0.1.2.tar.gz (15.8 kB view hashes)

Uploaded Source

Built Distribution

ffuflags-0.0.1.2-py3-none-any.whl (16.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page