
Crawl/Fuzz

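#!/usr/bin/env bash
# Crawl/Fuzz cheat sheet: web crawlers, content-discovery fuzzers, wordlist
# sources and JS endpoint extraction. Every line is a standalone example
# command, not a script meant to run end to end; the hosts shown (url.com,
# example.com, whatever.com, 10.11.1.111, ...) are placeholders to replace
# with your own target.

# Crawlers
dirhunt https://url.com/
hakrawler -domain https://url.com/
python3 sourcewolf.py -h
gospider -s "https://example.com/" -o output -c 10 -d 1
gospider -S sites.txt -o output -c 10 -d 1
gospider -s "https://example.com/" -o output -c 10 -d 1 --other-source --include-subs

# Fuzzers

# ffuf
# Discover content
ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w six2dez/OneListForAll/onelistforall.txt -u https://url.com/FUZZ
# Headers discover
ffuf -mc all -ac -u https://hackxor.net -w six2dez/OneListForAll/onelistforall.txt -c -H "FUZZ: Hellothereheadertesting123 asd"
# Ffuf - burp
# -replay-proxy expects a full proxy URL (scheme://host:port); the earlier
# "http:127.0.0.1:8080" was missing the "//" and is not a valid address.
ffuf -replay-proxy http://127.0.0.1:8080

# Fuzzing extensions
# General
#   .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.inc
# Backups
#   '.bak','.bac','.old','.000','.~','.01','._bak','.001','.inc','.Xxx'

# kr
# https://github.com/assetnote/kiterunner
kr brute https://whatever.com/ -w onelistforallmicro.txt -x 100 --fail-status-codes 404
kr scan https://whatever.com/ -w routes-small.kite -A=apiroutes-210228 -x 100 --ignore-length=34

# chameleon
# https://github.com/iustin24/chameleon
./chameleon -u http://testphp.vulnweb.com -a -A

# Best wordlists for fuzzing:
# https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
#   - raft-large-directories-lowercase.txt
#   - directory-list-2.3-medium.txt
#   - RobotsDisallowed/top10000.txt
# https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
# https://github.com/random-robbie/bruteforce-lists
# https://github.com/google/fuzzing/tree/master/dictionaries
# https://github.com/six2dez/OneListForAll
# AIO: https://github.com/foospidy/payloads
# Check https://wordlists.assetnote.io/
# Pro tip: set "Host: localhost" as header

# Custom generated dictionary
gau example.com | unfurl -u paths
# Get files only (split each path on "/" and de-duplicate the segments)
sed 's#/#\n#g' paths.txt | sort -u
# Other things
gau example.com | unfurl -u keys
gau example.com | head -n 1000 | fff -s 200 -s 404

# Hardware devices admin panel
# https://github.com/InfosecMatter/default-http-login-hunter
default-http-login-hunter.sh https://10.10.0.1:443/

# Dirsearch
dirsearch -r -f -u https://10.11.1.111 --extensions=htm,html,asp,aspx,txt -w six2dez/OneListForAll/onelistforall.txt --request-by-hostname -t 40

# dirb
dirb http://10.11.1.111 -r -o dirb-10.11.1.111.txt

# wfuzz
wfuzz -c -z file,six2dez/OneListForAll/onelistforall.txt --hc 404 http://10.11.1.11/FUZZ

# gobuster
gobuster dir -u http://10.11.1.111 -w six2dez/OneListForAll/onelistforall.txt -s '200,204,301,302,307,403,500' -e

# Cansina
# https://github.com/deibit/cansina
python3 cansina.py -u example.com -p PAYLOAD

# Get endpoints from JS
# LinkFinder
# https://github.com/GerbenJavado/LinkFinder
python linkfinder.py -i https://example.com -d
python linkfinder.py -i burpfile -b

# JS enumeration
# https://github.com/KathanP19/JSFScan.sh

# Tip, if 429 add one of these headers:
#   Client-Ip: IP
#   X-Client-Ip: IP
#   X-Forwarded-For: IP
#   X-Forwarded-For: 127.0.0.1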
