A command-line tool for parsing and filtering FFUF JSON output files. Quickly search, filter, and analyze your web fuzzing results with color-coded output.
go install github.com/DFC302/ffufr@latestffufr [options] file1.json file2.json ... -status int
Show only this exact HTTP status code (default -1)
-filter-status string
Comma-separated list of status codes to show (e.g. 200,301,403)
-exclude-status string
Comma-separated list of status codes to hide (e.g. 500,502,503)
-min-size int
Minimum Size value to show
-max-size int
Maximum Size value to show (default 999999999)
-filter-size string
Comma-separated list of exact sizes to show (e.g. 1234,5678)
-exclude-size string
Comma-separated list of exact sizes to hide (e.g. 1234,5678)
-min-words int
Minimum Words value to show
-max-words int
Maximum Words value to show (default 999999999)
-filter-words string
Comma-separated list of exact word counts to show (e.g. 100,200)
-exclude-words string
Comma-separated list of exact word counts to hide (e.g. 100,200)
-min-lines int
Minimum Lines value to show
-max-lines int
Maximum Lines value to show (default 999999999)
-filter-lines string
Comma-separated list of exact line counts to show (e.g. 816,2000)
-exclude-lines string
Comma-separated list of exact line counts to hide (e.g. 10000,38383)
-match string
Regex pattern to filter URLs (e.g. 'download' or 'down.*er')
-output-urls string
Append matching URLs to this file (URLs only)
-output-all string
Append full output to this file (with colors unless -no-color)
-no-color
Disable color output
Parse a single FFUF output file:
ffufr results.jsonParse multiple files:
ffufr api.json dirs.json endpoints.jsonShow only 200 and 301 status codes:
ffufr -filter-status 200,301 results.jsonHide 404 and 500 errors:
ffufr -exclude-status 404,500 results.jsonFilter by size range:
ffufr -min-size 100 -max-size 5000 results.jsonExclude specific sizes:
ffufr -exclude-size 1234,5678 results.jsonSearch for URLs containing "admin":
ffufr -match 'admin' results.jsonSearch with regex pattern:
ffufr -match 'api/v[0-9]+' results.json
The -match flag uses Go's regexp package, which implements RE2 syntax. Here are common patterns you can use:
Basic matching:
-match 'admin' # Contains "admin"
-match 'admin|config' # Contains "admin" OR "config"
Anchors:
-match '^https://example' # Starts with
-match '\.php$' # Ends with .php
Character classes:
-match '[0-9]+' # One or more digits
-match '[a-zA-Z]+' # One or more letters
-match '[^/]+$' # Everything after last slash
Quantifiers:
-match 'api/v[0-9]+' # api/v1, api/v2, api/v123
-match 'down.*load' # down[anything]load
-match 'logs?' # log or logs
-match 'a{2,4}' # 2 to 4 a's
Common patterns:
-match '\.(php|asp|jsp)$' # PHP, ASP, or JSP files
-match '/api/v[0-9]+/' # Versioned API paths
-match '\d{4}' # 4 digits (like years)
-match '(backup|bak|old)' # Backup files
Case insensitive:
-match '(?i)admin' # Matches Admin, ADMIN, admin, etc.
Note: RE2 doesn't support lookaheads/lookbehinds ((?=...), (?!...)), but covers most common use cases.Combine multiple filters:
ffufr -filter-status 200 -min-size 500 -match 'download' results.jsonDisable colors for piping to other tools:
ffufr -no-color results.json | grep "admin"Save matching URLs to a file (appends, URLs only):
ffufr -filter-status 200 -output-urls urls.txt results.jsonSave full output to a file (with colors):
ffufr -filter-status 200 -output-all results.txt results.jsonSave full output without colors:
ffufr -no-color -output-all results.txt results.jsonResults are displayed with color-coded status codes:
- Green: 2xx (Success)
- Blue: 3xx (Redirect)
- Yellow: 4xx (Client Error)
- Red: 5xx (Server Error)
Example output:
[Status: 200, Size: 1234, Words: 100, Lines: 50] https://example.com/admin
[Status: 301, Size: 0, Words: 0, Lines: 0] https://example.com/api
[Status: 403, Size: 500, Words: 50, Lines: 10] https://example.com/config
MIT