SkillHub
SkillHubagent skills marketplace
Menu
All SkillsStacksKOLHotRankings
Sign inGet Pro
Back to skills
SkillHub ClubResearch & OpsData / AITesting

dast-ffuf

Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering capabilities. Supports multiple fuzzing modes (clusterbomb, pitchfork, sniper) and recursive scanning. Use when: (1) Discovering hidden directories, files, and endpoints on web applications, (2) Fuzzing GET and POST parameters to identify injection vulnerabilities, (3) Enumerating virtual hosts and subdomains, (4) Testing authentication endpoints with credential fuzzing, (5) Finding backup files and sensitive data exposures, (6) Performing comprehensive web application reconnaissance.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars
77
Hot score
93
Updated
March 20, 2026
Overall rating
C3.3
Composite score
3.3
Best-practice grade
S96.0

Install command

npx @skill-hub/cli install agentsecops-secopsagentkit-dast-ffuf
dastfuzzingweb-fuzzerdirectory-enumerationparameter-fuzzingvhost-discoveryffufreconnaissance

Repository

AgentSecOps/SecOpsAgentKit

Skill path: skills/appsec/dast-ffuf

Fast web fuzzer for DAST testing with directory enumeration, parameter fuzzing, and virtual host discovery. Written in Go for high-performance HTTP fuzzing with extensive filtering capabilities. Supports multiple fuzzing modes (clusterbomb, pitchfork, sniper) and recursive scanning. Use when: (1) Discovering hidden directories, files, and endpoints on web applications, (2) Fuzzing GET and POST parameters to identify injection vulnerabilities, (3) Enumerating virtual hosts and subdomains, (4) Testing authentication endpoints with credential fuzzing, (5) Finding backup files and sensitive data exposures, (6) Performing comprehensive web application reconnaissance.

Open repository

Best for

Primary workflow: Research & Ops.

Technical facets: Data / AI, Testing.

Target audience: Appsec teams looking for install-ready agent workflows..

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: AgentSecOps.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

  • Install dast-ffuf into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
  • Review https://github.com/AgentSecOps/SecOpsAgentKit before adding dast-ffuf to shared team environments
  • Use dast-ffuf for appsec workflows

Works across

Claude CodeCodex CLIGemini CLIOpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

dast-ffuf | SkillHub