FFUF.me

Content Discovery - No 404 Status

In a perfect world all websites would respond correctly with the correct HTTP status codes

Lets try running the below ffuf example and see what happens

From the ffuf response you'll notice that every file you've requested has come back as been found! It's not that you've got lucky and come across a load of content it's that the webpage displaying the "Page Cannot Be Found" message is not returning a 404 header

You'll notice that the "Page Cannot Be Found" page consistently has a file size of 669 bytes. Let's re-run the ffuf command but with the -fs switch which filters out any results that are 669 bytes in length.

This should cut the results down to just one file secret

Back : File Extensions Next : Param Mining