ffuf (Fuzz Faster U Fool) is a powerful and efficient web fuzzer written in Go. It's designed for discovering hidden directories, files, and parameters in web applications. Key features include:
- Fast and efficient: Written in Go for high performance.
- Recursive fuzzing: Ability to scan recursively through directories.
- Multi-wordlist support: Operates in clusterbomb, pitchfork, and sniper modes.
- Customizable output: Supports JSON, ejson, HTML, MD, CSV, and ecsv formats.
- Proxy support: Works with HTTP and SOCKS5 proxies.
- Automatic calibration: Automatically calibrates filtering options to reduce false positives.

Use cases include content discovery, virtual host discovery, GET/POST parameter fuzzing, and brute-forcing web application endpoints. It's a valuable tool for security researchers, penetration testers, and bug bounty hunters.