FFUF
root@oco:~$ find / -iname *extension* -type f 2>/dev/null
root@oco:~$ find / -iname directory* -type f 2>/dev/nullEXTENSION FUZZING
root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://{targetSite}:{port}/indexFUZZ
* identify the extension the site usesPAGE FUZZING
root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://{targetSite}:{port}/{directory}/FUZZ.php -t 100 -ic
* the output may list different sizes
- size 0 means no content or empty page
- size > 0 means the page contains content
root@oco:~$ curl {targetSite:port}/sitePage.phpRECURSIVE PAGE FUZZING
this combines the directory fuzzing with page fuzzing
root@oco:~$ ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://{targetSite:port}/FUZZ -recursion -recursion-depth 1 -e .php -v -ic -t 100
* the -recursion flag enables recursive scanning
* the -recursion-depth flag specifies the depth of the recursive scan
- this cmd specifically fuzzes the main directories and their subdirectories
* the -e flag specifies the extension
* the -v flag signifies verbose which outputs the full URL
* the -ic flag removes wordlist commentsLast updated