FFUF value/parameter scanning

Hello everybody, I have a problem with ffuf when scanning for all parameters on a website (Module: "Attacking Web Application with Ffuf"). I first ran this command (to search for all .php pages):

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u -recursion -v -e .php

Later this: ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://ip/dir/page.php?FUZZ=key -fs xxx

The problem is this: I get all parameter names with status 403. I filter them and there isn't a good parameter. Where did I make a mistake?



  • I would say if you're getting 403 on everything, it's a typo in the URL. See if you can access the page without any params.

  • Thanks, I tried it, and when I search the page it gives me 403 "Forbidden". Now I think that I missed some webpages or directories.

