Ffuf Mux

Ffuf Mux, available here, is a bash script that launches several tmux sessions and, for each target URL, runs a separate ffuf discovery task using ffuf_content_discovery.sh.

Each scan runs inside its own tmux session so that large fuzzing campaigns can be executed and controlled easily (pause, restart, or kill).

Requirements

You need the following programs installed on a Linux terminal:

• ffuf

• tmux

Optional but recommended:

• SecLists (for common wordlists)

Configuration

• Move to the folder <folder_name> you want to use

• Clone the repository

• Change permissions for bash scripts

  chmod +x ffuf_mux.sh ffuf_content_discovery.sh

Run

Launch the TMUX sessions on TXT files

• Create a folder targets with TXT files containing the URLs to be scanned. For example:

  ├── targets
  │   ├── target1.txt
  │   ├── target2.txt
  │   ├── target3.txt
  │   │       ...
  │   └── target4.txt
  │
  ├── results
  │
  ├── ffuf_content_discovery.sh
  └── ffuf_mux.sh

  target.txt:

  https://example1.com:8080
  http://example1.com:80
  https://example2.com:8443
  ...
  https://exampleN.com

  Each URL will generate one or more ffuf scans depending on the wordlists used.

• Launch the script

  ./ffuf_mux.sh start

  For each URL contained in the files inside the targets folder, a new tmux session will be created.

• If you want to use a different folder as input:

  ./ffuf_mux.sh start --targets <folder_name>

For each URL, the script will create a different result file in the results sub-folder of the current working directory.

Example of final folder content:

├── targets
│   ├── target1.txt
│   ├── target2.txt
│   ├── target3.txt
│   │       ...
│   └── target4.txt
│
├── results
│   ├── example1_com_8080_raft-medium-files.csv
│   ├── example1_com_8080_raft-medium-directories.csv
│   ├── example1_com_80_raft-medium-files.csv
│   ├── example1_com_80_raft-medium-directories.csv
│   ├── example2_com_8443_raft-medium-files.csv
│   ├── example2_com_8443_raft-medium-directories.csv
│   │       ...
│   └── exampleN_com_raft-medium-files.csv
│
├── ffuf_content_discovery.sh
└── ffuf_mux.sh

Launch the TMUX sessions on URLS specified as parameter

./ffuf_mux.sh start --url https://example.com

Multiple URLs are supported:

./ffuf_mux.sh start \
  --url https://example1.com \
  --url https://example2.com

For each URL, the script will create a different result file in the results sub-folder of the current working directory.

├── results
│   ├── example1_com_raft-medium-files.csv
│   └── example2_com_raft-medium-directories.csv
│
├── ffuf_content_discovery.sh
└── ffuf_mux.sh

Optional Parameters

Parameter	Description	Example
--targets <dir>	Directory containing .txt files with target URLs (default: targets)	--targets custom_targets
--url <url>	Scan a specific URL directly (can be repeated)	--url https://example.com
--files <wordlist>	Wordlist for file discovery	--files wordlists/files.txt
--dirs <wordlist>	Wordlist for directory discovery	--dirs wordlists/dirs.txt
--wordlist <wordlist>	Generic fuzzing mode (disables file/dir split)	--wordlist wordlists/common.txt
--header "Header: value"	Custom HTTP header (repeatable)	--header "Authorization: Bearer TOKEN"
--threads <n>	Number of ffuf threads (default: 5)	--threads 20
--rate <rps>	Maximum requests per second (default: 30)	--rate 100

Default Wordlists

If no wordlists are specified, the script automatically uses:

/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

Pause/restart the TMUX sessions

./ffuf_mux.sh pause

or:

./ffuf_mux.sh restart

In both cases, the script sends a carriage return to all tmux sessions with prefix ffufmux_, pausing or restarting the running ffuf scan.

Kill the TMUX sessions

./ffuf_mux.sh kill

The script kills all tmux sessions with prefix ffufmux_.