Using the tools

Different directory-fuzzing tools suit different uses

My recommendations

  • Long scan that is most likely to find what you need

    • gobuster dir -u (url) -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt,php -t 200 -o dirs.txt

  • Shorter scan that still finds a lot

    • gobuster dir -u (url) -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -x txt,php -t 200 -o dirs.txt

Other options

  • Full scan for files as well as directories (might take a while)

    • ffuf -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -u http://url/FUZZ -recursion -c -t 200
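
What scans like the ones above look like from the server side, as an added example that is not part of the original notes: with -t 200 and a wordlist, one client requests many distinct paths in a short time and most of them return 404. The function name, the thresholds and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients whose traffic looks like wordlist-driven
# directory fuzzing (many requests, almost all answered with 404).
# The log lines are constructed; the thresholds are assumptions to tune.

# Constructed access log in Common/Combined Log Format.
sample_log() {
    # Ordinary visitor: a few existing pages.
    for p in / /index.php /about.txt /contact.php; do
        printf '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET %s HTTP/1.1" 200 512 "-" "-"\n' "$p"
    done
    # Scanning client: 40 guessed paths that do not exist, one that does.
    i=0
    while [ "$i" -lt 40 ]; do
        printf '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /word%s.php HTTP/1.1" 404 196 "-" "-"\n' "$i"
        i=$((i + 1))
    done
    printf '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 301 0 "-" "-"\n'
}

# Usage: detect_dir_fuzzing MIN_404 MIN_404_PERCENT < access.log
# Prints "ip requests not_found distinct_paths" for each flagged client.
detect_dir_fuzzing() {
    awk -v min404="$1" -v minpct="$2" '
    {
        # Fields: $1 = client IP, $7 = request path, $9 = status code.
        ip = $1; path = $7; status = $9
        total[ip]++
        if (status == 404) notfound[ip]++
        if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
    }
    END {
        for (ip in total) {
            nf = notfound[ip] + 0
            # Flag only when 404s are both numerous and the bulk of the traffic.
            if (nf >= min404 && nf * 100 >= minpct * total[ip])
                print ip, total[ip], nf, distinct[ip]
        }
    }' | sort
}

# Demo run on the constructed log: at least 20 misses and 90% of requests 404.
sample_log | detect_dir_fuzzing 20 90
```

On a real server, feed the function the access log for a fixed time window so the counts reflect a burst rather than a client's whole history.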
