To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

• [Name] - The name of the tool
• [Version] - What version of the tool should be added?
  --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
• [Homepage] - Where can the tool be found online? Where to go to get more information?
• [Download] - Where to go to get the tool? either a download page or a link to the latest version
• [Author] - Who made the tool?
• [Licence] - How is the software distributed? What conditions does it come with?
• [Description] - What is the tool about? What does it do?
• [Dependencies] - What is needed for the tool to work?
• [Similar tools] - What other tools are out there?
• [Activity] - When did the project start? Is is still actively being deployed?
• [How to install] - How do you compile it?
  --- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
• [How to use] - What are some basic commands/functions to demonstrate it?

• [Name] - ffuf
• [Version] - v0.6
• [Homepage] - https://github.com/ffuf/ffuf/
• [Download] - https://github.com/ffuf/ffuf/releases/latest
• [Author] - Joona Hoikkala <[email protected]>
• [Licence] - MIT
• [Description] - ffuf is a very fast webfuzzer that allows fuzzing of different parts of URL - including GET parameters, POST data and HTTP headers.
• [Dependencies] - None (Go 1.11 for building the binary)
• [Similar tools] - wfuzz
• [Activity] - In very active development. First release 8.11.2018
• [How to install] - From source code: curl -LO https://github.com/ffuf/ffuf/archive/v0.6.zip && unzip v0.6.zip && cd ffuf-0.6 && go build
• [How to install] - From prebuilt binary: curl -LO https://github.com/ffuf/ffuf/releases/download/v0.6/ffuf_0.6_linux_amd64.tar.gz && tar -zxf ffuf_0.6_linux_amd64.tar.gz
• [How to use] -
  Basic resource discovery:

ffuf -w /path/to/wordlist -u https://target/FUZZ

GET parameter name fuzzing, filtering out responses of 4242 bytes:

ffuf -w /path/to/paramnames_list -u https://target/script.php?FUZZ=test_value -fs 4242

HTTP header value fuzzing, colored output, filtering out responses that contain value "something" in data:

ffuf -w /path/to/wordlist -u https://target/ -H "Headername: FUZZ" -c -fr "something"

POST data fuzzing, colored output, matching output that contains "success"

ffuf -w /path/to/passwordlist -X POST -u https://target/login.php -d "username=admin\&password=FUZZ" -c -mr "success"

Oh, and when I say very fast, I mean statistics like gobuster (the fastest equivalent available) choking at 0000426:0000600 requests / second while ffuf is chugging away with around 7k req/sec if the target is able to respond that fast. The speed is affected by concurrent threads command line flag: -t

Markup played a trick on me. it was supposed to be 600 requests / second. on the note above (instead of the internal link).

Update: version 0.7 is out:

• [Name] - ffuf
• [Version] - v0.7
• [Homepage] - https://github.com/ffuf/ffuf/
• [Download] - https://github.com/ffuf/ffuf/releases/latest
• [Author] - Joona Hoikkala <[email protected]>
• [Licence] - MIT
• [Description] - ffuf is a very fast webfuzzer that allows fuzzing of different parts of URL - including GET parameters, POST data and HTTP headers.
• [Dependencies] - None (Go 1.11 for building the binary)
• [Similar tools] - wfuzz
• [Activity] - In very active development. First release 8.11.2018
• [How to install] - From source code: curl -LO https://github.com/ffuf/ffuf/archive/v0.6.zip && unzip v0.6.zip && cd ffuf-0.6 && go build
• [How to install] - From prebuilt binary: curl -LO https://github.com/ffuf/ffuf/releases/download/v0.6/ffuf_0.6_linux_amd64.tar.gz && tar -zxf ffuf_0.6_linux_amd64.tar.gz
• [How to use] -
  Basic resource discovery:

ffuf -w /path/to/wordlist -u https://target/FUZZ

GET parameter name fuzzing, filtering out responses of 4242 bytes:

ffuf -w /path/to/paramnames_list -u https://target/script.php?FUZZ=test_value -fs 4242

HTTP header value fuzzing, colored output, filtering out responses that contain value "something" in data:

ffuf -w /path/to/wordlist -u https://target/ -H "Headername: FUZZ" -c -fr "something"

POST data fuzzing, colored output, matching output that contains "success"

ffuf -w /path/to/passwordlist -X POST -u https://target/login.php -d "username=admin\&password=FUZZ" -c -mr "success"

Update: ffuf has seen a few releases since, currently 0.9 is the most recent one:

• [Name] - ffuf
• [Version] - v0.9
• [Homepage] - https://github.com/ffuf/ffuf/
• [Download] - https://github.com/ffuf/ffuf/releases/latest
• [Author] - Joona Hoikkala <[email protected]>
• [Licence] - MIT
• [Description] - ffuf is a very fast webfuzzer that allows fuzzing of different parts of URL - including GET parameters, POST data and HTTP headers.
• [Dependencies] - None (Go 1.11 for building the binary)
• [Similar tools] - wfuzz
• [Activity] - In very active development. First release 8.11.2018
• [How to install] - From source code: curl -LO https://github.com/ffuf/ffuf/archive/v0.9.zip && unzip v0.9.zip && cd ffuf-0.9 && go build
• [How to install] - From prebuilt binary: curl -LO https://github.com/ffuf/ffuf/releases/download/v0.9/ffuf_0.9_linux_amd64.tar.gz && tar -zxf ffuf_0.9_linux_amd64.tar.gz
• [How to use] -
  Basic resource discovery:

ffuf -w /path/to/wordlist -u https://target/FUZZ

GET parameter name fuzzing, filtering out responses of 4242 bytes:

ffuf -w /path/to/paramnames_list -u https://target/script.php?FUZZ=test_value -fs 4242

HTTP header value fuzzing, colored output, filtering out responses that contain value "something" in data:

ffuf -w /path/to/wordlist -u https://target/ -H "Headername: FUZZ" -c -fr "something"

POST data fuzzing, colored output, matching output that contains "success"

ffuf -w /path/to/passwordlist -X POST -u https://target/login.php -d "username=admin\&password=FUZZ" -c -mr "success"

Do you wish me to post a new note with updated information for each release during the evaluation process (before this is closed or accepted) @g0tmi1k ?

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Update: version 1.0 released.

• [Name] - ffuf
• [Version] - v1.0
• [Homepage] - https://github.com/ffuf/ffuf/
• [Download] - https://github.com/ffuf/ffuf/releases/latest
• [Author] - Joona Hoikkala <[email protected]>
• [Licence] - MIT
• [Description] - ffuf is a very fast webfuzzer that allows fuzzing of different parts of URL - including GET parameters, POST data and HTTP headers.
• [Dependencies] - None (Go 1.11 for building the binary)
• [Similar tools] - wfuzz
• [Activity] - In very active development. First release 8.11.2018
• [How to install] - From source code: curl -LO https://github.com/ffuf/ffuf/archive/v1.0.zip && unzip v1.0.zip && cd ffuf-1.0 && go build
• [How to install] - From prebuilt binary: curl -LO https://github.com/ffuf/ffuf/releases/download/v1.0/ffuf_1.0_linux_amd64.tar.gz && tar -zxvf ffuf_1.0_linux_amd64.tar.gz
• [How to use] -
  Basic resource discovery:

ffuf -w /path/to/wordlist -u https://target/FUZZ

GET parameter name fuzzing, filtering out responses of 4242 bytes:

ffuf -w /path/to/paramnames_list -u https://target/script.php?FUZZ=test_value -fs 4242

HTTP header value fuzzing, colored output, filtering out responses that contain value "something" in data:

ffuf -w /path/to/wordlist -u https://target/ -H "Headername: FUZZ" -c -fr "something"

POST data fuzzing, colored output, matching output that contains "success"

ffuf -w /path/to/passwordlist -X POST -u https://target/login.php -d "username=admin\&password=FUZZ" -c -mr "success"

About helping with packaging: I'll look into the documentation and see what I can do.

the package has been introduced in Debian.
Version 1.0.2-2 is now in kali.