CLI tool for AI-powered web fuzzing with ffuf
Top 59.4% on SourcePulse
ffufai is an AI-powered wrapper for the ffuf web fuzzer, designed to enhance fuzzing efficiency by automatically suggesting relevant file extensions. It targets security researchers and penetration testers who use ffuf and want to streamline the process of identifying common web file types. The primary benefit is reducing manual effort in discovering potential attack vectors by leveraging AI to predict likely extensions.
How It Works
The tool integrates with ffuf by first analyzing the target URL and its HTTP headers. It then queries either OpenAI's GPT or Anthropic's Claude models with this information, prompting the AI to suggest a list of probable file extensions. These suggestions are appended to the original fuzzing request, allowing ffuf to test a broader, more contextually relevant set of file paths. This approach aims to improve discovery rates by intelligently expanding the search space beyond generic extensions.
Quick Start & Requirements
pip install requests openai anthropic
ffuf installed and in PATH, OpenAI or Anthropic API key set as environment variable (OPENAI_API_KEY or ANTHROPIC_API_KEY).
python3 ffufai.py -u <URL> -w <WORDLIST> or ffufai -u <URL> -w <WORDLIST> (after creating a symbolic link).
Highlighted Details
ffuf parameters.
Maintenance & Community
The project is actively maintained, with the last commit being recent. It is an open-source project welcoming contributions via Pull Requests.
Licensing & Compatibility
Licensed under the MIT License, permitting commercial use and integration with closed-source projects.
Limitations & Caveats
ffufai requires the FUZZ keyword to be present at the end of the URL path for accurate extension suggestions. If both OpenAI and Anthropic API keys are configured, it defaults to using the OpenAI key.
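The flow under "How It Works" and the two caveats above can be checked before ffuf is ever launched. The sketch below is an added example, not ffufai's own code: the function names, the extension pattern, the cap of ten and the use of ffuf's -e option to carry the suggestions are assumptions, and the sample model output is constructed. It treats the model's reply as untrusted input and keeps only well-formed extensions before they reach a command line.

```python
import re
from urllib.parse import urlsplit

# Assumed policy (not from ffufai): a dot followed by 1-10 alphanumerics.
EXT_RE = re.compile(r"\.[a-z0-9]{1,10}")

def fuzz_at_end_of_path(url):
    """True when the FUZZ keyword is the last thing in the URL path."""
    return urlsplit(url).path.endswith("FUZZ")

def pick_provider(env):
    """Mirror the stated precedence: OpenAI wins when both keys are set."""
    if env.get("OPENAI_API_KEY"):
        return "openai"
    if env.get("ANTHROPIC_API_KEY"):
        return "anthropic"
    return None

def clean_extensions(suggested, limit=10):
    """Keep well-formed, de-duplicated extensions from untrusted model output."""
    seen, kept = set(), []
    for item in suggested:
        if not isinstance(item, str):
            continue
        ext = item.strip().lower()
        if EXT_RE.fullmatch(ext) and ext not in seen:
            seen.add(ext)
            kept.append(ext)
    return kept[:limit]

def build_ffuf_argv(url, wordlist, suggested, env):
    """Return an argv list; pass it to subprocess.run without shell=True."""
    if not fuzz_at_end_of_path(url):
        raise ValueError("FUZZ must be at the end of the URL path")
    if pick_provider(env) is None:
        raise ValueError("no OPENAI_API_KEY or ANTHROPIC_API_KEY set")
    argv = ["ffuf", "-u", url, "-w", wordlist]
    exts = clean_extensions(suggested)
    if exts:
        argv += ["-e", ",".join(exts)]
    return argv

# Constructed model reply: duplicates, stray whitespace, a non-string,
# and entries that would smuggle extra arguments or separators.
SAMPLE = [".php", ".PHP", ".bak", ".php -o out.txt", ".aspx,.zip", 42, " .inc\n"]
```

Entries that fail the pattern are dropped rather than repaired, so a malformed reply shrinks the extension list and never changes the shape of the ffuf command.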
9 months ago
Inactive