Directory Fuzzing

ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u http://IP:PORT/FUZZ

File Fuzzing

$ ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u http://IP:PORT/w2ksvrus/FUZZ.html -e .php,.html,.txt,.bak,.js -v

Recursive Fuzzing

$ ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -ic -v -u http://IP:PORT/FUZZ -e .html -recursion
$ ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -ic -u http://IP:PORT/FUZZ -e .html -recursion -recursion-depth 2 -rate 500

Parameter - Value Fuzzing

GET Parameters

https://example.com/search?query=fuzzing&category=security
$ ffuf -X GET -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -ic -u http://IP:PORT/get.php?x=FUZZ -t 200

POST Parameters

POST /login HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

username=your_username&password=your_password
wenum -w /usr/share/seclists/Discovery/Web-Content/common.txt --hc 404 -u "http://IP:PORT/get.php?x=FUZZ"

...
 Code    Lines     Words        Size  Method   URL 
...
 200       1 L       1 W        25 B  GET      http://IP:PORT/get.php?x=OA... 

Total time: 0:00:02
Processed Requests: 4731
Filtered Requests: 4730
Requests/s: 1681
ffuf -u http://IP:PORT/post.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "y=FUZZ" -w /usr/share/seclists/Discovery/Web-Content/common.txt -mc 200 -v
$ ffuf -w /usr/share/wordlists/seclists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.10.10/customers/signup -mr "username already exists"
$ ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.61.51/customers/login -fc 200
wfuzz -X POST -z file,/path/to/wordlist.txt -d "username=FUZZ&password=password123" -H "Content-Type: application/x-www-form-urlencoded" https://example.com/login

Virtual Host and Subdomain Fuzzing

Gobuster

gobuster dns -d domain.com -w /usr/share/wordlists/dirb/common.txt -i
gobuster vhost -u domain.com -w /usr/share/wordlists/dirb/common.txt
gobuster vhost -u domain.com -w /usr/share/wordlists/dirb/common.txt -v
$ gobuster vhost -u http://inlanefreight.htb:81 -w /usr/share/seclists/Discovery/Web-Content/common.txt --append-domain

===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:             http://inlanefreight.htb:81
[+] Method:          GET
[+] Threads:         10
[+] Wordlist:        /usr/share/SecLists/Discovery/Web-Content/common.txt
[+] User Agent:      gobuster/3.6
[+] Timeout:         10s
[+] Append Domain:   true
===============================================================
Starting gobuster in VHOST enumeration mode
===============================================================
Found: .git/logs/.inlanefreight.htb:81 Status: 400 [Size: 157]
...
Found: admin.inlanefreight.htb:81 Status: 200 [Size: 100]
Found: android/config.inlanefreight.htb:81 Status: 400 [Size: 157]
...
Progress: 4730 / 4730 (100.00%)
===============================================================
Finished
===============================================================
$ gobuster vhost -u http://94.237.57.1:38590 --domain inlanefreight.htb -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --append-domain

Filtering Fuzzing Output

# Look for directories with status code 200, based on word count and a response size over 500 bytes (quote the > so the shell does not treat it as a redirect).
$ ffuf -u http://example.com/FUZZ -w wordlist.txt -mc 200 -fw 427 -ms '>500'

# Filter out responses with status codes 404, 401 and 302.
$ ffuf -u http://example.com/FUZZ -w wordlist.txt -fc 404,401,302

# Look for backup files with the .bak extension and a size between 10 KB and 100 KB.
$ ffuf -u http://example.com/FUZZ.bak -w wordlist.txt -fs 0-10239 -ms 10240-102400

# Discover endpoints that take more than 500 ms to respond.
$ ffuf -u http://example.com/FUZZ -w wordlist.txt -mt '>500'
# Show only successful requests and redirects:
$ wenum -w wordlist.txt --sc 200,301,302 -u https://example.com/FUZZ

# Hide responses with common error codes:
$ wenum -w wordlist.txt --hc 404,400,500 -u https://example.com/FUZZ

# Show only short error messages (responses with 5-10 words):
$ wenum -w wordlist.txt --sw 5-10 -u https://example.com/FUZZ

# Hide large files and focus on smaller responses:
$ wenum -w wordlist.txt --hs 10000 -u https://example.com/FUZZ

# Filter responses that contain specific content:
$ wenum -w wordlist.txt --sr "admin\|password" -u https://example.com/FUZZ
$ feroxbuster --url http://example.com -w wordlist.txt -s 200 -S 10240 -X "error"
$ ffuf -u http://IP:PORT/post.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "y=FUZZ" -w /usr/share/seclists/Discovery/Web-Content/common.txt -v
$ ffuf -u http://IP:PORT/post.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "y=FUZZ" -w /usr/share/seclists/Discovery/Web-Content/common.txt -v -mc all
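As an added example (not code from this page or from ffuf itself), the following Python models how the -mc/-fc, -ms/-fs, -mw/-fw and -mt/-ft flags above, with their range syntax (500, 0-10239, >500, all), decide which results are shown; the evaluation order (any matcher hits, then no filter hits) and the omission of ffuf's built-in default status matcher are assumptions.

```python
# Added model of ffuf-style matcher/filter evaluation; not ffuf's own code.
# Assumption: shown when ANY matcher hits (or none is given) and NO filter hits.
import re

def parse_range(spec):
    """One range token: '500', '0-10239', '>500', '<100' or 'all' -> predicate."""
    spec = spec.strip()
    if spec == "all":
        return lambda v: True
    if spec[0] in "<>":
        bound = int(spec[1:])
        return (lambda v: v > bound) if spec[0] == ">" else (lambda v: v < bound)
    m = re.fullmatch(r"(\d+)-(\d+)", spec)
    if m:
        lo, hi = int(m.group(1)), int(m.group(2))
        return lambda v: lo <= v <= hi
    exact = int(spec)
    return lambda v: v == exact

def parse_list(spec):
    """Comma-separated ranges, e.g. the '404,401,302' given to -fc."""
    preds = [parse_range(tok) for tok in spec.split(",")]
    return lambda v: any(p(v) for p in preds)

# flag letter -> response field: -mc/-fc status, -ms/-fs size, -mw/-fw words, -mt/-ft time
FIELDS = {"c": "status", "s": "size", "w": "words", "t": "time_ms"}

def select(responses, flags):
    """flags: {'-mc': '200', '-fw': '427', '-ms': '>500'}; returns the paths shown."""
    matchers, filters = [], []
    for flag, spec in flags.items():
        rule = (FIELDS[flag[2]], parse_list(spec))
        (matchers if flag[1] == "m" else filters).append(rule)
    shown = []
    for r in responses:
        if matchers and not any(p(r[field]) for field, p in matchers):
            continue  # no matcher hit: the response is not reported
        if any(p(r[field]) for field, p in filters):
            continue  # a filter hit: dropped from the output
        shown.append(r["path"])
    return shown

# Constructed sample responses (not real scan output).
SAMPLE = [
    {"path": "/admin",      "status": 200, "size": 1532,  "words": 210, "time_ms": 120},
    {"path": "/backup.bak", "status": 200, "size": 20480, "words": 30,  "time_ms": 90},
    {"path": "/old",        "status": 301, "size": 0,     "words": 0,   "time_ms": 40},
    {"path": "/missing",    "status": 404, "size": 1200,  "words": 427, "time_ms": 35},
    {"path": "/slow",       "status": 200, "size": 1200,  "words": 427, "time_ms": 900},
]
```

Running `select(SAMPLE, {"-mc": "200", "-fw": "427", "-ms": ">500"})` keeps /admin and /backup.bak and drops the 427-word responses, which is the effect the first ffuf line above aims for.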

Fuzzing the API

$ git clone https://github.com/PandaSt0rm/webfuzz_api.git
$ cd webfuzz_api
$ pip3 install -r requirements.txt