FFUF Revision

Revision of what we did with FFUF

Matcher - A matcher defines a condition that has to be true for the data not to be discarded. In other words, if you define a matcher, for example -mc 200, you tell FFUF to show only responses that have the HTTP status code 200 OK. You can define multiple status codes by putting them into a comma-separated list, for example -mc 200,500. This will give us only the responses that have a 200 OK or a 500 INTERNAL SERVER ERROR as HTTP status code. FFUF can define matchers on multiple attributes of the response. Currently supported are the number of lines, the response size (in bytes), the HTTP status code, and the number of words in the response.

Screenshot of the options available in the FFUF help menu: https://udemy-images.s3.amazonaws.com/redactor/raw/2020-08-05_20-59-02-48c5ae8ba1d0ce83058ebbd64a6d845d.png?width=1920
Figure - matchers and filters in ffuf

Filter - Filters are the exact opposite of matchers: the condition of a filter has to be false for the data not to be discarded. So if we define a filter on the HTTP status code 200 OK, all responses that have that status code get discarded and we only see the responses that don't have 200 OK as status code. Similar to the matchers described above, filters can take multiple values as a comma-separated list to filter out multiple status codes.

With the basics out of the way, we can now tune the FFUF command used to scan the target and remove all the uninteresting noise from the output.

Examples:

Filter

ffuf -u "https://bugbountytarget.com/FUZZ" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-medium-directories.txt -fc 301

The command above gives output in which no response has the status code 301. You will get responses with all the other status codes, which can be 200, 302, 404, etc., but not 301.

Matcher

ffuf -u "https://bugbountytarget.com/FUZZ" -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-medium-directories.txt -mc 301

The command above gives output in which the response codes match 301. You will get only responses with the status code 301.
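The matcher and filter rules described above can be modelled in a few lines. This is an added example, not ffuf's own code: the Response record, the helper names and the sample responses are constructed for illustration, and combining conditions on several attributes with "any" is an assumption of this sketch.

```python
# Toy model of the matcher/filter rule. Not ffuf's source code.
from collections import namedtuple

# One record per response: status code, body size in bytes, words, lines.
Response = namedtuple("Response", "path status size words lines")

def parse_values(spec):
    """Turn a comma-separated list such as "200,500" into {200, 500}."""
    return {int(v) for v in spec.split(",") if v.strip()}

def hits(resp, conditions):
    """True if any condition (attribute -> value list) is met by the response."""
    return any(getattr(resp, attr) in parse_values(spec)
               for attr, spec in conditions.items())

def keep(resp, matchers, filters):
    """Shown only if a matcher is true and no filter is true."""
    return hits(resp, matchers) and not hits(resp, filters)

def shown(responses, matchers, filters=None):
    """Paths of the responses that survive matching and filtering."""
    return [r.path for r in responses if keep(r, matchers, filters or {})]

# Constructed sample responses (not output from a real scan).
SAMPLE = [
    Response("/admin", 301, 178, 6, 8),
    Response("/index", 200, 5120, 340, 92),
    Response("/debug", 500, 1024, 55, 12),
    Response("/nope", 404, 1530, 80, 30),
    Response("/soft404", 200, 1530, 80, 30),  # error page served with 200
]

if __name__ == "__main__":
    every_status = {"status": "200,301,404,500"}
    # Matcher on 301 (like -mc 301): only the redirect is shown.
    print(shown(SAMPLE, {"status": "301"}))
    # Filter on 301 (like -fc 301): everything except the redirect.
    print(shown(SAMPLE, every_status, {"status": "301"}))
    # Comma-separated matcher list (like -mc 200,500).
    print(shown(SAMPLE, {"status": "200,500"}))
    # Matcher plus a size filter (like -mc 200 -fs 1530) drops the
    # error page that answers 200 with the same body size as the 404.
    print(shown(SAMPLE, {"status": "200"}, {"size": "1530"}))
```

The last case shows why filtering on size, words or lines is useful for noise reduction: a status-code matcher alone cannot separate a real page from an error page that is served with 200 OK.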