intro

fuzz dirs, files & extensions, hidden vhosts, PHP params, param values

fuzzing - send lots of inputs and see how the output changes

dir fuzzing:

ffuf -w wordlist.txt:FUZZ -u http://ip:port/FUZZ

for extension fuzzing, wordlist:

web-content/web-extensions.txt

for extension discovery

e.g. .php for Apache and .asp or .aspx for IIS.

finding index.*

ffuf -w /opt/useful/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://SERVER_IP:PORT/blog/indexFUZZ

we got .php, so fuzz page names with that extension: /blog/FUZZ.php

Recursive fuzz

-recursion-depth 1, -recursion with -e for extension .php

ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://94.237.50.221:36909/FUZZ -recursion -recursion-depth 1 -e .php -v
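
Server-side view of the dir and extension fuzzing above, as an added example (not part of the original notes): in access logs it shows up as one client requesting many distinct paths that mostly return 404, or one stem (indexFUZZ) tried with many extensions. The log lines, IPs and thresholds are constructed assumptions; "Fuzz Faster U Fool" is ffuf's default User-Agent.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_fuzzing(lines, min_paths=20, min_404_ratio=0.8, min_exts=4):
    """Return {client_ip: [reasons]}; thresholds are illustrative assumptions."""
    paths, missing, agents = defaultdict(set), defaultdict(set), defaultdict(set)
    exts = defaultdict(lambda: defaultdict(set))  # ip -> path stem -> extensions tried
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not Combined Log Format
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        paths[ip].add(path)
        agents[ip].add(m["ua"])
        if m["status"] == "404":
            missing[ip].add(path)
        stem, dot, ext = path.rpartition(".")
        if dot and "/" not in ext:
            exts[ip][stem].add(ext)
    findings = {}
    for ip in paths:
        reasons = []
        # Directory fuzzing: many distinct paths, almost all of them missing.
        if len(paths[ip]) >= min_paths and len(missing[ip]) / len(paths[ip]) >= min_404_ratio:
            reasons.append("404-burst")
        # Extension fuzzing (indexFUZZ): one stem requested with many extensions.
        if any(len(tried) >= min_exts for tried in exts[ip].values()):
            reasons.append("extension-probe")
        # ffuf's default User-Agent; easily changed, so only a supporting signal.
        if any("Fuzz Faster U Fool" in ua for ua in agents[ip]):
            reasons.append("ffuf-user-agent")
        if reasons:
            findings[ip] = reasons
    return findings

def sample_log():
    """Constructed log lines: 10.0.0.5 fuzzes, 10.0.0.9 browses normally."""
    fmt = '{} - - [01/Jan/2024:10:00:{:02d} +0000] "GET {} HTTP/1.1" {} 153 "-" "{}"'
    hits = [(f"/w{i}", 404) for i in range(25)] + [("/blog", 301), ("/blog/index.php", 200)]
    hits += [(f"/blog/index.{e}", 404) for e in ("asp", "aspx", "jsp", "html")]
    log = [fmt.format("10.0.0.5", s, p, c, "Fuzz Faster U Fool v2.1.0") for s, (p, c) in enumerate(hits)]
    return log + [fmt.format("10.0.0.9", s, p, 200, "Mozilla/5.0")
                  for s, p in enumerate(("/", "/blog/", "/blog/index.php"))]

if __name__ == "__main__":
    print(detect_fuzzing(sample_log()))
```

The 404-burst and extension-probe checks still fire when the User-Agent has been changed, which is why the header match is kept as a separate reason.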

DNS records

add to local DNS