Web fuzzing tools like Gobuster, FFUF, Wenum, and Feroxbuster generate extensive data during scans. Efficient filtering mechanisms provided by these tools can help narrow down the output to focus on relevant findings.
- Gobuster
Gobuster supports filtering with specific flags to refine results. Note that
-s and -b options are only available in directory fuzzing mode.
| Flag | Description | Example Scenario |
|---|
-s (include) | Include responses with specific status codes. | Filter for redirects: -s 301,302,307. |
-b (exclude) | Exclude responses with specific status codes. | Exclude 404 errors: -b 404. |
--exclude-length | Exclude responses with specific content lengths. | Exclude 0-byte or 404-byte responses: --exclude-length 0,404. |
- FFUF
FFUF provides a detailed filtering system to manage large amounts of data effectively. Filters can match or exclude based on response attributes.
| Flag | Description | Example Scenario |
|---|
-mc | Include responses with specific status codes. | Focus on 200 OK responses: -mc 200. |
-fc | Exclude responses with specific status codes. | Remove 404 errors: -fc 404. |
-fs | Exclude responses with specific sizes or size ranges. | Ignore small responses: -fs 0-1023. |
-ms | Include responses with specific sizes or size ranges. | Look for responses of 3456 bytes: -ms 3456. |
-fw | Exclude responses with specific word counts. | Exclude responses with 219 words: -fw 219. |
-mw | Include responses with specific word counts. | Filter responses with 5-10 words: -mw 5-10. |
-fl | Exclude responses with specific line counts. | Exclude responses with 10 lines: -fl 10. |
-ml | Include responses with specific line counts. | Focus on 20-line responses: -ml 20. |
-mt | Include responses with specific TTFB conditions. | Find slow responses: -mt >500. |
- Wenum
Wenum includes versatile filtering options for managing response data effectively.
| Flag | Description | Example Scenario |
|---|
--hc | Exclude responses with specific status codes. | Hide 400 errors: --hc 400. |
--sc | Include responses with specific status codes. | Focus on 200 OK responses: --sc 200. |
--hl | Exclude responses with specific line counts. | Hide verbose responses: --hl 50. |
--sl | Include responses with specific line counts. | Focus on responses with 10 lines: --sl 10. |
--hw | Exclude responses with specific word counts. | Exclude responses with common phrases: --hw 219. |
--sw | Include responses with specific word counts. | Focus on short error messages: --sw 5-10. |
--hs | Exclude responses with specific sizes. | Ignore large files: --hs 10000. |
--ss | Include responses with specific sizes. | Focus on a file size: --ss 3456. |
--hr | Exclude responses matching specific regex patterns. | Exclude “Internal Server Error”: --hr "Internal Server Error". |
--sr | Include responses matching specific regex patterns. | Focus on responses with “admin”: --sr "admin". |
- Feroxbuster
Feroxbuster provides request- and response-level filtering to streamline analysis.
| Flag | Description | Example Scenario |
|---|
--dont-scan | Exclude URLs or patterns during recursion. | Exclude /uploads directory: --dont-scan /uploads. |
-S (size) | Exclude responses with specific sizes or ranges. | Ignore 1KB pages: -S 1024. |
-X (regex) | Exclude responses matching regex patterns. | Filter error pages: -X "Access Denied". |
-W (words) | Exclude responses with specific word counts. | Ignore responses with 0-10 words: -W 0-10. |
-N (lines) | Exclude responses with specific line counts. | Exclude verbose pages: -N 50-. |
-C (status) | Exclude responses with specific status codes. | Remove 404 and 500 errors: -C 404,500. |
--filter-similar | Exclude responses similar to a reference page. | Exclude duplicates: --filter-similar-to error.html. |