FFUF

root@oco:~$ find / -iname '*extension*' -type f 2>/dev/null
root@oco:~$ find / -iname 'directory*' -type f 2>/dev/null

EXTENSION FUZZING

root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://{targetSite}:{port}/indexFUZZ
 * identify the extension the site uses

PAGE FUZZING

root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://{targetSite}:{port}/{directory}/FUZZ.php -t 100 -ic
 * the output may list different sizes
    - size 0 means no content or empty page
    - size > 0 means the page contains content
    
root@oco:~$ curl http://{targetSite}:{port}/sitePage.php

RECURSIVE PAGE FUZZING


This combines directory fuzzing with page fuzzing.

root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://{targetSite}:{port}/FUZZ -recursion -recursion-depth 1 -e .php -v -ic -t 100
 * the -recursion flag enables recursive scanning
 * the -recursion-depth flag specifies the depth of the recursive scan
    - this command specifically fuzzes the main directories and their subdirectories
 * the -e flag specifies the extension
 * the -v flag enables verbose output, which prints the full URL
 * the -ic flag ignores comment lines in the wordlist
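
On the server side, the page and recursive fuzzing runs above show up in the access log as one client requesting many distinct paths in a short time, almost all answered with 404. The following is an added example, not part of the original notes: a small detector for that pattern, where the log format, thresholds, function names and sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined/common access-log format (assumed); adjust the pattern to your server.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_fuzzing(lines, window=timedelta(seconds=10), min_paths=20, min_miss=0.8):
    """Flag clients that hit many distinct paths, mostly 404, within one window.
    Thresholds are illustrative assumptions, not tuned values."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ts = datetime.strptime(m["ts"], TS_FMT)
        by_ip[m["ip"]].append((ts, m["path"].split("?")[0], int(m["status"])))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            win = hits[start:end + 1]
            misses = sum(1 for _, _, s in win if s == 404)
            if len({p for _, p, _ in win}) >= min_paths and misses / len(win) >= min_miss:
                flagged[ip] = {
                    "distinct_paths": len({p for _, p, _ in hits}),
                    # Paths that answered something other than 404: what the scan found.
                    "found": sorted({p for _, p, s in hits if s != 404}),
                }
                break
    return flagged

def sample_log():
    """Constructed log lines: one wordlist-walking client and one ordinary visitor."""
    t0 = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 153 "-" "-"'
    out = []
    for i, w in enumerate([f"word{i}" for i in range(40)] + ["home"]):
        ts = (t0 + timedelta(milliseconds=50 * i)).strftime(TS_FMT)
        out.append(row.format("198.51.100.23", ts, f"/blog/{w}.php", 200 if w == "home" else 404))
    for i, p in enumerate(["/", "/index.php", "/blog/", "/favicon.ico"]):
        ts = (t0 + timedelta(seconds=3 * i)).strftime(TS_FMT)
        out.append(row.format("192.0.2.10", ts, p, 404 if p == "/favicon.ico" else 200))
    return out

if __name__ == "__main__":
    for ip, info in detect_fuzzing(sample_log()).items():
        print(ip, info)
```

The "found" list is the part to review first: those are the pages that returned content to the scanning client.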
