Content Discovery
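# Fuzz directories (-c colours output; -t 200 threads is aggressive and noisy — lower it against fragile or monitored targets)
ffuf -c -w "$WORDLIST" -u "$URL/FUZZ" -t 200
# Fuzz directories, keeping only responses with status 200 or 301
ffuf -c -w "$WORDLIST" -u "$URL/FUZZ" -mc 200,301 -t 200
# Fuzz directories recursively up to $DEPTH levels, also trying the given extension; -v prints the full URL per hit
ffuf -c -w "$WORDLIST" -u "$URL/FUZZ" -recursion -recursion-depth "$DEPTH" -e ".$EXTENSION" -v
# Fuzz directories from a URL list: one base URL per line, each expected to end in "/" because FUZZ is appended directly.
# Note the space after -u: ffuf's flag parser does not accept "-u<value>" glued together.
xargs -I{} ffuf -c -w "$WORDLIST" -u "{}FUZZ" < "$LIST.txt"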
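# Discover content: recurse into found directories, match every status code (-mc all) but let auto-calibration (-ac)
# filter out the target's catch-all responses, and try common extensions on each word
ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w /usr/share/wordlists/OneListForAll.txt -u https://url.com/FUZZ
# ffuf -> Burp: replay only the *matched* requests through the proxy so Burp's history holds just the hits
# (use -x instead to send every request through the proxy). The proxy URL needs the full "http://" scheme.
ffuf -c -w "$WORDLIST" -u "$URL/FUZZ" -replay-proxy http://127.0.0.1:8080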
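# Fuzz the extension of a known file (index.php, index.bak, ...). Because the dot is already in the URL,
# the wordlist entries for this command must NOT carry a leading dot.
ffuf -c -w "$WORDLIST" -u "$URL/index.FUZZ"
# General extensions (comma-separated form suitable for ffuf -e)
# .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.inc
# Backup-file extensions worth trying alongside the list above
# '.bak','.bac','.old','.000','.~','.01','._bak','.001','.inc','.Xxx'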
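# Username enumeration through a POST signup form: the server's "username already exists" message confirms
# which names are valid accounts. -mr matches that string in the response body (closing quote was missing before).
ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST \
  -d "username=FUZZ&email=x&password=x&cpassword=x" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u http://10.10.152.194/customers/signup \
  -mr "username already exists"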
# https://github.com/assetnote/kiterunner
# Brute-force paths from a plain wordlist; -x 100 is the per-host concurrency, 404s are dropped from the output
kr brute https://whatever.com/ -w onelistforallmicro.txt -x 100 --fail-status-codes 404
# Scan with a compiled .kite route set plus an assetnote wordlist alias (-A). --ignore-length=34 presumably hides
# this target's fixed-size catch-all response — re-measure and adjust per target.
kr scan https://whatever.com/ -w routes-small.kite -A=apiroutes-210228 -x 100 --ignore-length=34
# dirsearch: recurse (-r), force-append the extensions to every word (-f), 40 threads;
# --request-by-hostname presumably makes it request by hostname rather than resolved IP — confirm against the installed version
dirsearch -r -f -u https://10.11.1.111 --extensions=htm,html,asp,aspx,txt -w six2dez/OneListForAll/onelistforall.txt --request-by-hostname -t 40
# dirb: recursive scan with results written to a file
dirb http://10.11.1.111 -r -o dirb-10.11.1.111.txt
# wfuzz: hide 404 responses. NOTE(review): target is 10.11.1.11 while the examples above use 10.11.1.111 — check for a typo
wfuzz -c -z file,six2dez/OneListForAll/onelistforall.txt --hc 404 http://10.11.1.11/FUZZ
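# gobuster
# Simple directory brute force
gobuster dir -u "http://$RHOST" -w "$WORDLIST"
# Filter by HTTP status codes; -e prints expanded (full) URLs.
# gobuster 3.1+ refuses a positive status list (-s) while its default blacklist (404) is also set,
# so clear the blacklist with -b '' or the command exits with an error before scanning.
gobuster dir -u http://10.11.1.111 -w six2dez/OneListForAll/onelistforall.txt -s '200,204,301,302,307,403,500' -b '' -e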