Skill Detail
Fuzz web paths, parameters, and virtual hosts with ffuf to surface hidden attack surface
Probe for hidden routes, parameter behaviors, and vhost exposures fast, before you spend time manually poking at the wrong surface.
Security & VerificationMulti-Framework
Security & Verification
Multi-Framework
Security Reviewed
β 14k GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill fuzz-web-paths-parameters-and-virtual-hosts-with-ffuf-to-surface-hidden-attack-surface
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required
ffuf binary, reachable target URL, wordlists, network access, operator-approved test scope
Install & setup
Install ffuf from the upstream release, package manager, or build path, prepare the target URL and wordlists, then run the documented fuzzing modes for paths, parameters, or virtual hosts with suitable response filters.
Author
ffuf
Publisher
Organization
Last updated
Apr 19, 2026
Quick brief
Use ffuf when the job is active discovery of hidden web attack surface, not ordinary browsing or generic use of a web stack. It gives an agent a bounded workflow: send wordlist-driven requests against paths, parameters, or virtual hosts, filter noisy responses, and return candidate findings for follow-up testing. That scope boundary, focused content discovery and fuzzing against a target, keeps this skill-shaped instead of reading like a plain security tool listing.