TL;DR

  • Start with curl to understand the app, then scale with ffuf and nuclei.
  • Always record requests/responses for later (headers, auth, cookies).
  • Don’t brute force blindly—be targeted and respectful with rate limits.

curl essentials

Show headers + follow redirects:

curl -iL https://example.com/

Add headers (commonly used to check whether access controls trust client-supplied headers):

curl -i https://example.com/ \
  -H 'X-Forwarded-For: 127.0.0.1' \
  -H 'X-Original-URL: /admin'

Replay with cookies:

curl -i https://example.com/account -H 'Cookie: session=...'

ffuf patterns

Directory fuzz (-fc 404 hides 404 responses, -t 40 threads, -rate 10 caps requests per second):

ffuf -u https://example.com/FUZZ -w wordlists/dirs.txt -fc 404 -t 40 -rate 10

Parameter name discovery (-fs 0 hides empty responses; adjust the filter to the baseline response size):

ffuf -u 'https://example.com/?FUZZ=test' -w wordlists/params.txt -fs 0 -t 40 -rate 10

Subdomain fuzz (only if allowed):

ffuf -u https://FUZZ.example.com -w wordlists/subdomains.txt -fs 0 -t 40 -rate 10

nuclei targeted scanning

Run only the exposure and misconfiguration templates against hosts already confirmed alive, with -rl limiting requests per second and -c the template concurrency:

nuclei -l alive.txt -t http/exposures/ -t http/misconfiguration/ -rl 10 -c 20 -silent
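Seen from the defender's side, the directory fuzz above shows up in access logs as a burst of 404s from one source, even at the respectful -rate 10. The following is an added example, not part of the original cheat sheet, that flags such sources in constructed combined-format log lines; the threshold (20 hits) and window (60 s) are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def find_fuzzers(lines, status=404, threshold=20, window_s=60):
    """Return {ip: (hits, first_ts, last_ts, user_agent)} for every source that produced
    at least `threshold` responses with `status` inside any `window_s`-second window."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == status:
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):  # sliding window over this source's hits
            while recs[end]["ts"] - recs[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            hits = end - start + 1
            if hits >= threshold and (ip not in flagged or hits > flagged[ip][0]):
                flagged[ip] = (hits, recs[start]["ts"], recs[end]["ts"], recs[end]["ua"])
    return flagged

def sample_log():
    """Constructed sample: one source fuzzing at ~10 req/s, one ordinary client with a few 404s."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):  # 30 misses in 3 seconds; ffuf's default User-Agent starts with this string
        ts = (base + timedelta(milliseconds=100 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{ts}] "GET /w{i} HTTP/1.1" 404 153 "-" "Fuzz Faster U Fool"')
    for minute in (0, 5, 10):  # an ordinary browser: occasional broken links, well under threshold
        ts = (base + timedelta(minutes=minute)).strftime(TS_FMT)
        lines.append(f'203.0.113.5 - - [{ts}] "GET /old{minute} HTTP/1.1" 404 153 "-" "Mozilla/5.0"')
    return lines
```

Run `find_fuzzers(sample_log())` to see only 198.51.100.7 reported, with 30 hits in a 2-second span; a real deployment would feed the same function from the web server's log and alert on the returned map.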

Minimal “save everything” structure

target/
  subs.txt      enumerated subdomains
  alive.txt     hosts that actually responded (input for nuclei)
  urls.txt      discovered URLs and endpoints
  ffuf/         raw ffuf output, one file per run
  nuclei.txt    nuclei findings