Apiffuf (ffuf for APIs) – fuzzer for API hostsnames and endpoints
Apiffuf is a new API URL fuzzer designed to probe hosts and paths, generating normalized URLs for testing. It allows users to specify various options such as HTTP methods, headers, and output formats. The tool is built by the Jsmon team and is licensed under AGPLv3.
- ▪Apiffuf cross-joins hosts and paths to create normalized URLs for probing.
- ▪Users can customize requests with options like HTTP methods, headers, and concurrency settings.
- ▪The tool supports output in multiple formats including text, JSON, and CSV.
Opening excerpt (first ~120 words) tap to expand
apiffuf API URL fuzzer that cross-joins hosts and paths into normalized URLs, probes them over HTTP, and reports responding endpoints. Installation Direct install go install github.com/jsmonhq/apiffuf@latest Clone and build git clone https://github.com/jsmonhq/apiffuf.git cd apiffuf go build -ldflags="-s -w" -o apiffuf . Usage apiffuf -hosts <host|file> -paths <file> [options] Flags Flag Alias Default Description -hosts -u — Host or file containing hosts (required) -paths -w — File containing API paths (required) -method -X GET HTTP method (supports custom methods) -headers -H — Request header (Name: value, repeatable) -threads -t 20 Parallel goroutines -rate — 0 Requests per second (0 = unlimited) -o — — Save default text output to file -oJ — — Save JSON output to file -oC — — Save CSV…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.