How to Fuzz Parameters, Directories & More with Ffuf

The art of fuzzing is a vital skill for any penetration tester or hacker to possess. The faster you fuzz, and the more efficient you are at doing it, the closer you come to achieving your goal, whether that means finding a valid bug or discovering an initial attack vector. A tool called ffuf comes in handy to help speed things along and fuzz for parameters, directories, and more.


What Is Fuzzing?


Fuzzing, or fuzz testing, is the automated process of providing malformed or random data to software to discover bugs. Typically, when it comes to pentesting, a wordlist is used to iterate through values, and the results are observed and analyzed.


Fuzzing usually involves testing input — this can be anything from alphanumeric characters to find buffer overflows, to odd characters to test for SQL injection. Fuzzing is also commonly used to discover hidden directories and files and to determine valid parameter names and values.
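
Seen from the server side, wordlist-driven directory fuzzing leaves a recognizable pattern in web access logs: one client requesting many distinct paths, most of which do not exist. The following is an added example, not part of the original article, that flags such clients and lists what they found; the thresholds, function names, and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common/Combined Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def find_fuzzing_clients(lines, min_requests=8, min_distinct=8, min_miss_ratio=0.8):
    """Return {ip: stats} for clients whose traffic looks like wordlist fuzzing.
    Heuristic with assumed thresholds (tune per site): many requests, nearly
    all to distinct paths, and most of them answered with 404.
    """
    per_ip = defaultdict(lambda: {"total": 0, "miss": 0, "paths": set(), "hits": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        s = per_ip[m["ip"]]
        path = m["path"].split("?", 1)[0]  # compare paths without query strings
        s["total"] += 1
        s["paths"].add(path)
        if m["status"] == "404":
            s["miss"] += 1
        else:
            s["hits"].append((path, int(m["status"])))  # what the client found
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["miss"] / s["total"]
        if s["total"] >= min_requests and len(s["paths"]) >= min_distinct and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": s["total"], "miss_ratio": round(ratio, 2),
                           "found": sorted(s["hits"])}
    return flagged

def sample_log():
    """Constructed sample: one client walking a wordlist, one normal visitor."""
    words = ["admin", "backup", "cgi-bin", "config", "dav", "images", "login", "old", "phpinfo", "test"]
    exists = {"dav": 301, "phpinfo": 200}  # constructed: paths that are present
    fmt = '{} - - [01/Jan/2024:10:00:{:02d} +0000] "GET {} HTTP/1.1" {} 512'
    lines = [fmt.format("192.0.2.10", i, "/" + w, exists.get(w, 404))
             for i, w in enumerate(words)]
    lines += [fmt.format("198.51.100.7", 30 + i, p, 200)
              for i, p in enumerate(["/", "/index.php", "/style.css", "/index.php"])]
    return lines

if __name__ == "__main__":
    for ip, stats in find_fuzzing_clients(sample_log()).items():
        print(ip, stats)
```

The `found` list is the part worth reviewing first: it shows which non-404 paths the scanning client learned about.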


We will be using Metasploitable 2 as our target and Kali Linux as our local machine to demonstrate ffuf's power at fuzzing.


Step 1: Install & Configure Ffuf


The only requirement to run ffuf is having Go installed, which can easily be done on Kali with the package manager.


~$ su ..
