Bug Bounty Recon (Part-3)


Content Discovery using FFUF

Content discovery in bug bounty refers to the process of identifying hidden or undiscovered web pages, files, directories, and other content that may contain vulnerabilities or potential security issues. By discovering these hidden assets, bug bounty hunters can expand their attack surface and uncover potential vulnerabilities that may have been overlooked by the website owners.

FFUF (Fast File Fuzzing) is a powerful and versatile content discovery tool that can be used for bug bounty hunting and web application testing. It allows you to brute force directories, filenames, and other parameters to uncover hidden content. Here are some techniques and methods you can use with FFUF for content discovery:

Getting started with FFUF is straightforward. You can provide a wordlist containing common directory and file names, specify the target URL with the “FUZZ” keyword as a placeholder, and let FFUF do the rest. By replacing “FUZZ” with entries from the wordlist, FFUF sends requests to discover hidden content.For example, you can use the -w flag to specify a wordlist and target a specific URL, such as

ffuf -w wordlist.txt -u http://example.com/FUZZ

You can see the web directories and files discovered.

FFUF supports recursive scanning, allowing you to discover content within directories and subdirectories. By using the -recursion flag, FFUF can follow links and crawl through the website structure, automatically discovering new paths and hidden content.


We can also specify the recursion depth using — recursion-depth

FFUF provides options to filter and exclude certain responses based on status codes, response length, or content patterns. For example, you can use the -fc flag to filter out specific status codes or -fl to filter responses based on response length. Filtering can help you focus on relevant findings and reduce noise in the output.

It supports scanning multiple targets simultaneously, allowing you to test multiple websites or applications in parallel. You can provide a file containing a list of URLs or use Burp Suite’s sitemap to feed the targets to FFUF using the -c flag.

Specially it can be used to fuzz a url and its directories at same time. This technique is used multiple times during bugbounty and got paid. we can utilizing FFUF to perform content discovery on two different areas simultaneously.

ffuf -u https://FUZZ1/FUZZ2 -w subdomain.txt:FUZZ1, directory.txt:FUZZ2

here you can see ffuf perform content discovery on multiple areas.

We can use FFUF for subdomain enumeration

ffuf -w subdomains.txt -H "Host: FUZZ.example.com" -u https://example.com

Subdomain enumeration using ffuf

Bug bounty hunters can maximize their impact and increase the likelihood of finding critical vulnerabilities. Remember to always adhere to the rules and scope defined by the bug bounty program and follow responsible disclosure practices. Happy fuzzing and bug hunting!. Follow and sub for more..

Please comment your suggestions and what I need to cover in next series.

You can now Buy me a coffee:)



Aswin Thambi Panikulangara

Bughunter, web pentester, Network pentester