💎Basic Fuzzing
Directory Fuzzing
The two main options are -w for the wordlist and -u for the URL. We then assign the keyword FUZZ to the wordlist by adding :FUZZ after it.
We can go even faster by raising the thread count with -t 200, but this is not recommended, especially when used on a remote site, as it may disrupt it and cause a Denial of Service.
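From the server's side, a directory-fuzzing run shows up as one client requesting many distinct paths in a short time, most of them answered with 404. The following is an added example, not part of the original notes; the log lines are constructed and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Common Log Format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed wordlist used only to build the sample log below.
WORDS = ["admin", "backup", "blog", "cgi-bin", "config", "css",
         "dev", "forum", "images", "js", "login", "old"]

def constructed_log():
    """Build sample log lines (constructed; documentation-range addresses)."""
    ts = "10/Mar/2024:10:00:01 +0000"
    lines = []
    # One client walks the whole wordlist within the same second.
    for word in WORDS:
        status = 301 if word in ("blog", "forum") else 404
        lines.append(f'203.0.113.7 - - [{ts}] "GET /{word} HTTP/1.1" {status} 153')
    # An ordinary visitor: few paths, mostly successful responses.
    for path, status in [("/", 200), ("/blog/", 200),
                         ("/blog/post1.php", 200), ("/favicon.ico", 404)]:
        lines.append(f'198.51.100.20 - - [{ts}] "GET {path} HTTP/1.1" {status} 512')
    return lines

def find_fuzzing_clients(lines, min_paths=10, min_404_ratio=0.7):
    """Return clients with many distinct paths and a high share of 404s."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0,
                                 "per_second": defaultdict(int)})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, ts, path, status = m.groups()
        s = stats[ip]
        s["paths"].add(path)
        s["total"] += 1
        s["not_found"] += status == "404"
        s["per_second"][ts] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "ratio_404": round(ratio, 2),
                           "peak_rps": max(s["per_second"].values())}
    return flagged

if __name__ == "__main__":
    for ip, info in find_fuzzing_clients(constructed_log()).items():
        print(ip, info)
```

The peak requests-per-second figure is the one that climbs when a scan is run with a high thread count, so it is the value to watch when judging impact on the site.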
Page Fuzzing
We must find out what types of pages the website uses, like .html, .aspx, .php.
We can start by looking at the response headers: if the server is Apache, then it may be .php, or if it is IIS, then it could be .asp or .aspx.
The entries in the wordlist already contain the dot, so we don't need to put it in our command.
Once we find some extensions that work, we can go on to fuzz some directories.
Recursive Fuzzing
In ffuf, we can enable recursive scanning with the -recursion flag, and we can specify the depth with the -recursion-depth flag. If we specify -recursion-depth 1, it will only fuzz the main directories and their direct sub-directories. We can specify our extension with -e .php, and we can add the flag -v to output the full URLs.
Try to repeat what you learned so far to find more files/directories. One of them should give you a flag. What is the content of the flag?