ffuf-web-fuzzing

ffuf web fuzzing for authorized pentests. Common modes, payloads, and gotchas.

Score 0(?)CommunityCodeby jthackSource
Verified for:

Install

$ npx skills add jthack/ffuf_claude_skill

Best for

Authorized pentest engagements where ffuf is part of the stack.

Not ideal for

Anything not explicitly authorized — fuzzing third-party hosts is hostile.

About this skill

Web fuzzing with ffuf for authorized penetration testing.

ffufPentestFuzzing

Score breakdown

Score breakdown

rubric 1.0
Install count
0/20
Provenance
8.3/15
GitHub stars
0/15
Recency
6/10
Compatibility
2/10
Documentation depth
8/10
Install ergonomics
4/10
License
5/5
Verification freshness
3/5

Composite 0–100 score derived from 9 verifiable signals. See the rubric →

Security audits run by a real security firm. CodeQL + Semgrep + audit workflows.

CodeQLSemgrepAudit
Code

Kubernetes hardening by the book. NetworkPolicies, RBAC, OPA, service mesh.

KubernetesRBACOPA
Code

Real exploits, no false positives. 96.15% exploit success across 50+ vuln types.

PentestExploitationAction-taking
Code

Skill FAQ

About ffuf-web-fuzzing

What is the ffuf-web-fuzzing skill?

Web fuzzing with ffuf for authorized penetration testing.

Which agents does ffuf-web-fuzzing work with?

Claude Code.

How do I install ffuf-web-fuzzing?

Run `npx skills add jthack/ffuf_claude_skill` for Claude Code. See the install panel for per-agent commands.

Is ffuf-web-fuzzing free to use?

Yes — ffuf-web-fuzzing is open source (MIT).

Who maintains ffuf-web-fuzzing?

ffuf-web-fuzzing is published by jthack and was last updated on 2026-04-09.

What is ffuf-web-fuzzing best for?

Authorized pentest engagements where ffuf is part of the stack.