Skip to content

jthack/ffuf_claude_skill

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
ffuf-skill
ffuf-skill
 
 
README.md
README.md
 
 

Repository files navigation

FFUF Skill for Claude Code

A Claude Code skill that integrates the powerful web fuzzer ffuf (Fuzz Faster U Fool) for web security testing and reconnaissance tasks.

Overview

This skill enables Claude Code to perform intelligent web fuzzing operations using ffuf, making it easier to discover hidden directories, files, subdomains, and API endpoints.

Prerequisites

  • ffuf must be installed on your system
  • Claude Desktop application
  • Appropriate authorization to test target systems

Installing ffuf

macOS:

brew install ffuf

Linux:

go install github.com/ffuf/ffuf/v2@latest

Other methods: See the official ffuf repository

Installation

  1. Clone this repository:
git clone https://github.com/jthack/ffuf_claude_skill
  1. Copy the skill folder to Claude Code's skills directory:
mkdir -p ~/.claude/skills
cp -r ffuf_claude_skill/ffuf-skill ~/.claude/skills/
  1. The skill is now available for Claude Code to use!

Usage

Once installed, you can ask Claude Code to perform ffuf operations naturally:

  • "Fuzz the /api endpoint on example.com for hidden paths"
  • "Enumerate subdomains for target.com"
  • "Find common directories on https://example.com"
  • "Test for backup files on the /admin path"

Claude will automatically invoke the ffuf skill and interpret the results for you.

Features

  • Intelligent Fuzzing: Claude interprets your testing goals and configures ffuf appropriately
  • Result Analysis: Automatic filtering and analysis of ffuf output
  • Safe Defaults: Includes rate limiting and sensible defaults to avoid aggressive testing
  • Wordlist Management: Helps select appropriate wordlists for different testing scenarios

Safety & Ethics

IMPORTANT: This skill is designed for defensive security purposes only:

  • Only test systems you own or have explicit permission to test
  • Respect rate limits and avoid causing service disruption
  • Follow responsible disclosure practices
  • Comply with applicable laws and regulations

Unauthorized testing of systems is illegal and unethical.

Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

License

MIT License - See LICENSE file for details

Disclaimer

This tool is provided for educational and authorized security testing purposes only. Users are responsible for complying with all applicable laws and obtaining proper authorization before testing any systems.

About

This is a "skill" for claude to use FFUF.

Resources

Readme
Activity

Stars

93 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages