Vibe Index
🎯

ffuf-web-fuzzing

🎯Skill

from jthack/ffuf_claude_skill

VibeIndex|
What it does

Performs intelligent web fuzzing using ffuf to discover hidden directories, files, subdomains, and API endpoints with automated configuration and result analysis.

ffuf-web-fuzzing

Installation

Install skill:
npx skills add https://github.com/jthack/ffuf_claude_skill --skill ffuf-web-fuzzing
100
Last UpdatedOct 16, 2025
View on GitHubBack to Skills

Skill Details

SKILL.md

Overview

# FFUF Skill for Claude Code

A Claude Code skill that integrates the powerful web fuzzer [ffuf](https://github.com/ffuf/ffuf) (Fuzz Faster U Fool) for web security testing and reconnaissance tasks.

Overview

This skill enables Claude Code to perform intelligent web fuzzing operations using ffuf, making it easier to discover hidden directories, files, subdomains, and API endpoints.

Prerequisites

  • [ffuf](https://github.com/ffuf/ffuf) must be installed on your system
  • Claude Desktop application
  • Appropriate authorization to test target systems

Installing ffuf

macOS:

```bash

brew install ffuf

```

Linux:

```bash

go install github.com/ffuf/ffuf/v2@latest

```

Other methods: See the [official ffuf repository](https://github.com/ffuf/ffuf)

Installation

  1. Clone this repository:

```bash

git clone https://github.com/jthack/ffuf_claude_skill

```

  1. Copy the skill folder to Claude Code's skills directory:

```bash

mkdir -p ~/.claude/skills

cp -r ffuf_claude_skill/ffuf-skill ~/.claude/skills/

```

  1. The skill is now available for Claude Code to use!

Usage

Once installed, you can ask Claude Code to perform ffuf operations naturally:

  • "Fuzz the /api endpoint on example.com for hidden paths"
  • "Enumerate subdomains for target.com"
  • "Find common directories on https://example.com"
  • "Test for backup files on the /admin path"

Claude will automatically invoke the ffuf skill and interpret the results for you.

Features

  • Intelligent Fuzzing: Claude interprets your testing goals and configures ffuf appropriately
  • Result Analysis: Automatic filtering and analysis of ffuf output
  • Safe Defaults: Includes rate limiting and sensible defaults to avoid aggressive testing
  • Wordlist Management: Helps select appropriate wordlists for different testing scenarios

Safety & Ethics

IMPORTANT: This skill is designed for defensive security purposes only:

  • Only test systems you own or have explicit permission to test
  • Respect rate limits and avoid causing service disruption
  • Follow responsible disclosure practices
  • Comply with applicable laws and regulations

Unauthorized testing of systems is illegal and unethical.

Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

License

MIT License - See LICENSE file for details

Disclaimer

This tool is provided for educational and authorized security testing purposes only. Users are responsible for complying with all applicable laws and obtaining proper authorization before testing any systems.