Integrates ffuf web fuzzer for security testing. Automates reconnaissance tasks. Connects to Python workflows. Benefits security teams by identifying vulnerabilities faster.
git clone https://github.com/jthack/ffuf_claude_skill.git

The FFUF Skill for Claude Code integrates the powerful ffuf web fuzzer to automate security testing and reconnaissance tasks. It enables Claude to discover hidden directories, files, subdomains, and API endpoints through intelligent fuzzing operations. The skill handles wordlist selection, result analysis, and includes safe defaults with rate limiting to avoid aggressive testing. Security teams use this skill to identify web vulnerabilities and enumerate target infrastructure more efficiently. The skill requires ffuf to be installed locally and works with natural language commands for common fuzzing scenarios.
1. Prepare your environment: Ensure ffuf is installed (`brew install ffuf` or `apt install ffuf`) and you have a wordlist ready (e.g., from SecLists).
2. Customize the prompt: Replace [TARGET_URL] with your target (e.g., https://example.com), [WORDLIST_PATH] with your wordlist path, and adjust [TIMEOUT_SECONDS], [THREADS], and [EXCLUDE_CODES] as needed.
3. Run the scan: Paste the customized prompt into Claude/ChatGPT and execute. Monitor progress; ffuf will output real-time results.
4. Analyze results: Review the findings for high-priority paths (status 200/301/302) and prioritize based on potential impact. Use the recommendations to guide remediation.
5. Automate workflows: Integrate with Python scripts using subprocess to chain ffuf scans with other tools (e.g., nuclei for vulnerability scanning) or save results to a database for tracking.
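The "Automate workflows" step above, as an added example that is not code from the skill's repository: a Python wrapper that builds a rate-limited ffuf command, refuses targets outside an authorized scope list, and triages ffuf's JSON output by status code. The function names, the `AUTHORIZED_HOSTS` allowlist, the default rate and thread values, and the sample results are assumptions made for illustration.

```python
import json
import subprocess
from urllib.parse import urlparse

# Assumption: hosts you are authorized to test; example.com is a placeholder.
AUTHORIZED_HOSTS = {"example.com"}
HIGH_PRIORITY_STATUS = {200, 301, 302}  # statuses the steps above call high-priority


def build_ffuf_cmd(target_url, wordlist, output_file, rate=10, threads=5,
                   timeout=10, exclude_codes=(404, 403)):
    """Return an ffuf argv list with conservative rate/thread defaults."""
    host = urlparse(target_url).hostname
    if host not in AUTHORIZED_HOSTS:
        raise ValueError(f"{host!r} is not in the authorized scope")
    if "FUZZ" not in target_url:
        target_url = target_url.rstrip("/") + "/FUZZ"
    return ["ffuf", "-u", target_url, "-w", wordlist,
            "-rate", str(rate), "-t", str(threads), "-timeout", str(timeout),
            "-fc", ",".join(str(c) for c in exclude_codes),
            "-o", output_file, "-of", "json"]


def triage(ffuf_json):
    """Split ffuf JSON results into (high, other), each sorted by URL."""
    results = json.loads(ffuf_json).get("results", [])
    rows = [{"url": r["url"], "status": r["status"], "length": r["length"]}
            for r in results]
    rows.sort(key=lambda r: r["url"])
    high = [r for r in rows if r["status"] in HIGH_PRIORITY_STATUS]
    other = [r for r in rows if r["status"] not in HIGH_PRIORITY_STATUS]
    return high, other


def run_scan(target_url, wordlist, output_file):
    """Run ffuf (must be installed) and triage the JSON file it writes."""
    subprocess.run(build_ffuf_cmd(target_url, wordlist, output_file),
                   check=True, timeout=3600)
    with open(output_file, encoding="utf-8") as fh:
        return triage(fh.read())


# Constructed sample of ffuf's JSON output, trimmed to the fields used here.
SAMPLE = json.dumps({"results": [
    {"url": "https://example.com/uploads", "status": 301, "length": 178},
    {"url": "https://example.com/admin/login.php", "status": 200, "length": 1242},
    {"url": "https://example.com/health", "status": 500, "length": 12},
]})

if __name__ == "__main__":
    print(build_ffuf_cmd("https://example.com", "wordlist.txt", "out.json"))
    print(triage(SAMPLE))
```

The rows returned by `triage` are plain dictionaries, so they can be written to a tracking database or passed to a follow-up tool as the step describes.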
Discover hidden directories and files on target web applications
Enumerate subdomains for reconnaissance and asset discovery
Identify API endpoints and common paths on web servers
Test for backup files and configuration files on web applications
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/jthack/ffuf_claude_skill

Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Run an ffuf web fuzzing scan to discover hidden paths and files on [TARGET_URL]. Use the wordlist at [WORDLIST_PATH] with a wordlist size of [WORDLIST_SIZE] (e.g., 10000). Set the timeout to [TIMEOUT_SECONDS] seconds and threads to [THREADS]. Exclude responses with status codes [EXCLUDE_CODES] (e.g., 404,403). Save results to [OUTPUT_FILE]. Analyze the findings and highlight any high-priority paths or files that could indicate vulnerabilities.
=== FFUF Scan Results for https://example.com ===

Scan completed in 2 minutes 15 seconds using wordlist /usr/share/wordlists/dirb/common.txt (14612 words).

High-Priority Findings:
1. /admin/login.php (Status: 200, Size: 1242) - Potential admin panel exposure
2. /backup/config.sql (Status: 200, Size: 8471) - Database backup file exposed
3. /api/v1/users (Status: 200, Size: 452) - API endpoint with user data
4. /.git/config (Status: 200, Size: 234) - Git repository exposed

Medium-Priority Findings:
- /assets/js/main.js (Status: 200, Size: 12345) - JavaScript file with potential secrets
- /uploads/ (Status: 301, Size: 178) - Directory listing enabled

Recommendations:
1. Immediately restrict access to /admin/login.php and /backup/config.sql
2. Review .git exposure and remove if unnecessary
3. Implement WAF rules for /api/v1/users to prevent data exfiltration
4. Disable directory listing for /uploads/

Total paths tested: 14612
Total valid responses: 89 (0.61%)
High-priority findings: 4 (4.49% of valid responses)