What is the Web Fuzzing Security Specialist AI skill?

The Web Fuzzing Security Specialist skill is a comprehensive AI workflow that teaches your AI model procedural knowledge for Code Development. Unlike simple prompts, skills provide structured, reusable processes that can be applied across multiple contexts.

How do AI skills differ from prompts?

AI skills are more comprehensive than individual prompts. While prompts are single-use instructions, skills teach AI models reusable procedures, methodologies, and frameworks that can be applied to various situations within a domain.

expert Code Development

Web Fuzzing Security Specialist

Perform intelligent web fuzzing operations to discover hidden directories, files, subdomains, and API endpoints. Use ffuf and other fuzzing tools for authorized security testing and penetration testing workflows.

Published 2026-01-14T00:00:00Z

When to Use This Skill

• Authorized penetration testing engagements
• Bug bounty reconnaissance
• Security assessments of web applications
• API endpoint discovery
• Subdomain enumeration
• Hidden file and directory discovery
• Parameter fuzzing for injection points

How to use this skill

1. Copy the AI Core Logic from the Instructions tab below.

2. Paste it into your AI's System Instructions or as your first message.

3. Provide your raw data or requirements as requested by the AI.

#security#fuzzing#penetration-testing#ffuf#bug-bounty#reconnaissance

System Directives

## Curation Note Web fuzzing remains one of the most effective techniques for discovering hidden attack surfaces. This skill gained traction in the bug bounty community where AI agents assist in reconnaissance phases. The combination of ffuf (one of the fastest web fuzzers available) with AI-driven analysis creates a powerful workflow for identifying directories, files, subdomains, and API endpoints that manual testing would miss. ## Prerequisites ```bash go install github.com/ffuf/ffuf/v2@latest brew install ffuf # macOS apt install ffuf # Debian/Ubuntu ffuf -V ``` **Required Wordlists:** ```bash git clone https://github.com/danielmiessler/SecLists.git ~/SecLists ``` ## Safety & Ethics > **WARNING**: Only perform fuzzing on systems you have explicit authorization to test. Before fuzzing: 1. Verify written authorization exists 2. Confirm testing scope and boundaries 3. Check for rate limiting requirements 4. Document all testing activities ## Core Fuzzing Operations ### Directory Discovery ```bash ffuf -u https://target.com/FUZZ -w ~/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt ffuf -u https://target.com/FUZZ -w wordlist.txt -fs 4242 ffuf -u https://target.com/FUZZ -w wordlist.txt -fc 404,403 ffuf -u https://target.com/FUZZ -w wordlist.txt -mc 200,301,302 ``` ### File Discovery ```bash ffuf -u https://target.com/FUZZ -w wordlist.txt -e .php,.bak,.old,.txt,.html ffuf -u https://target.com/FUZZ -w wordlist.txt -recursion -recursion-depth 2 ``` ### Subdomain Enumeration ```bash ffuf -u https://FUZZ.target.com -w ~/SecLists/Discovery/DNS/subdomains-top1million-5000.txt ffuf -u https://target.com -H "Host: FUZZ.target.com" -w subdomains.txt -fs 4242 ``` ### API Endpoint Discovery ```bash ffuf -u https://api.target.com/vFUZZ/users -w versions.txt ffuf -u https://target.com/api/users -X FUZZ -w ~/SecLists/Fuzzing/http-request-methods.txt ffuf -u "https://target.com/api/search?FUZZ=test" -w ~/SecLists/Discovery/Web-Content/burp-parameter-names.txt ``` ### POST Data Fuzzing ```bash ffuf -u https://target.com/api/login \ -X POST \ -H "Content-Type: application/json" \ -d '{"username":"admin","password":"FUZZ"}' \ -w passwords.txt ffuf -u https://target.com/login \ -X POST \ -d "username=admin&password=FUZZ" \ -w passwords.txt ``` ## Advanced Techniques ### Rate Limiting ```bash ffuf -u https://target.com/FUZZ -w wordlist.txt -rate 50 ffuf -u https://target.com/FUZZ -w wordlist.txt -p 0.1 ``` ### Authentication ```bash ffuf -u https://target.com/admin/FUZZ -w wordlist.txt -b "session=abc123" ffuf -u https://target.com/api/FUZZ -w wordlist.txt -H "Authorization: Bearer token123" ``` ### Output Formats ```bash ffuf -u https://target.com/FUZZ -w wordlist.txt -o results.json -of json ffuf -u https://target.com/FUZZ -w wordlist.txt -o results.csv -of csv ffuf -u https://target.com/FUZZ -w wordlist.txt -o results.html -of html ``` ### Multi-Position Fuzzing ```bash ffuf -u https://target.com/FUZZ1/FUZZ2 \ -w usernames.txt:FUZZ1 \ -w ids.txt:FUZZ2 \ -mode clusterbomb ``` ## Intelligent Analysis Workflow ### Phase 1: Initial Reconnaissance ```bash ffuf -u https://target.com/FUZZ \ -w ~/SecLists/Discovery/Web-Content/common.txt \ -mc 200,301,302,401,403 \ -o recon_common.json -of json ``` ### Phase 2: Deep Discovery Based on initial findings, expand search: ```bash ffuf -u https://target.com/api/FUZZ \ -w ~/SecLists/Discovery/Web-Content/api/api-endpoints.txt \ -mc 200 \ -o api_endpoints.json -of json ``` ### Phase 3: Parameter Analysis For discovered endpoints, identify parameters: ```bash ffuf -u "https://target.com/api/users?FUZZ=1" \ -w ~/SecLists/Discovery/Web-Content/burp-parameter-names.txt \ -fs baseline_size \ -o params.json -of json ``` ### Phase 4: Vulnerability Testing Test discovered parameters for common vulnerabilities: ```bash ffuf -u "https://target.com/search?q=FUZZ" \ -w ~/SecLists/Fuzzing/SQLi/quick-SQLi.txt \ -fs baseline_size ffuf -u "https://target.com/search?q=FUZZ" \ -w ~/SecLists/Fuzzing/XSS/xss-payload-list.txt \ -fs baseline_size ``` ## Results Interpretation ### Response Codes | Code | Meaning | Action | | ------- | -------------------- | -------------------------------- | | 200 | Found and accessible | Investigate content | | 301/302 | Redirect exists | Follow and analyze destination | | 401 | Auth required | Note as protected resource | | 403 | Forbidden | Potential exists, check bypasses | | 500 | Server error | Possible vulnerability | ### Filtering Strategy 1. Run initial scan without filters 2. Identify common response size for "not found" pages 3. Filter that size for subsequent scans 4. Use `-fc` to exclude common error codes ## Best Practices 1. **Start slow** - Begin with low rate limits, increase gradually 2. **Monitor responses** - Watch for blocks or WAF triggers 3. **Use targeted wordlists** - Technology-specific lists work better 4. **Document everything** - Save all output for analysis 5. **Verify findings** - Manually confirm interesting results 6. **Respect scope** - Stay within authorized boundaries 7. **Check robots.txt** - Often reveals hidden paths ## Related Resources - [ffuf GitHub](https://github.com/ffuf/ffuf) - Official repository - [SecLists](https://github.com/danielmiessler/SecLists) - Wordlist collection - [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) - Security testing methodology

Procedural Integration

This skill is formatted as a set of persistent system instructions. When integrated, it provides the AI model with specialized workflows and knowledge constraints for Code Development.

Source

Skill Actions

Model Compatibility

Claude Opus Gemini 2.5 Pro

Code Execution: Required

MCP Tools: Optional

Footprint ~1,747 tokens

Related Skills

Skill expert

Security Audit Specialist

Conduct comprehensive security audits of codebases, identifying vulnerabilities, implementing fixes, and establishing security best practices for web applications and APIs.

#security#audit

Claude Opus

Skill advanced

Prompt Security Auditor

Audit AI systems for prompt injection vulnerabilities, jailbreak risks, and output safety issues.

#security#prompt-injection

Claude Opus GPT-4

Skill advanced

Smart Contract Developer

Build secure Solidity smart contracts for DeFi, NFTs, and DAOs with best practices and security patterns.

#blockchain#solidity

Claude Opus GPT-4

Skill intermediate

PR Review Specialist

Perform comprehensive automated code reviews on pull requests. Analyze code quality, security vulnerabilities, performance issues, and adherence to team standards with actionable, constructive feedback.

#code-review#github

Claude Opus Gemini 2.5 Pro

Explore Related Resources

Security Audit Specialist

Skill

Conduct comprehensive security audits of codebases, identifying vulnerabilities, implementing fixes, and establishing security best practices for web applications and APIs.

Prompt Injection Defender

Prompt

Design robust defense mechanisms against prompt injection attacks, jailbreaks, and adversarial inputs. Implement multi-layered security for AI systems handling untrusted user input.

Filesystem

MCP Server

Secure file operations with configurable access controls

Artificial Intelligence

Glossary

The broad field of creating machines that can perform tasks requiring human-like intelligence, such as reasoning, learning, and perception.

Prompt Security Auditor

Skill

Audit AI systems for prompt injection vulnerabilities, jailbreak risks, and output safety issues.