OSCP Notes
  • Introduction
  • Port Scanning
  • Nmap Port Scanning
  • Nmap Scripts
  • Services Enumeration
    • SMB Enumeration (Port 139, 445)
    • SNMP Enumeraion (Port 161)
    • NFS Enumeration (Port 111, 2049)
    • SMTP Enumeration (Port 25)
    • DNS Enumeration (Port 53)
    • POP3 (Port 110, 25*)
    • MySQL (Port 3306)
    • Oracle (Port 1521)
    • MsSQL (Port 1433)
  • Web / HTTP
    • Web Scanning
    • CMS
    • Directory Fuzzing
    • File Upload
      • Bypass file upload filtering
      • Bruteforcing extensions
      • WebDAV
    • Bruteforce Authentication
    • LFI and RFI
      • Interesting Files for LFI
      • Null Byte Injection
      • PHP Wrappers
    • ShellShock
    • Post Requests
  • password attacks
    • Brute-force service password
    • Cracking Password
    • Custom Worldlist
  • Exploitaion
    • Searchsploit
    • Compiling the Exploit
  • shell
    • Bind and Reverse shell
    • Upgrading shell
    • msfvenom
  • Linux Post Exploitation
    • Linux Manual Exploitation
    • Linux post exploitation scripts
    • Kernel Exploitation
  • windows post exploitation
    • General
    • Manual Exploitaion
    • Dumping the sam file
    • SUDO SU
    • Automated enumeration script
    • Windows Exploit Suggester
  • file transfer
    • General
    • Linux
    • Windows
  • cheatsheets
    • Command injection Cheatsheet
    • Find Command Cheatsheet
    • Netcat
    • SQL Injection Bypass
    • CheckList
    • XSS Payload
Powered by GitBook
On this page
  • Ffuf
  • Simple Scan
  • Ignoring particular status code
  • VHOST Fuzzing
  • Extension
  • GoBuster
  • Normal Scan
  • Append / to each request
  • DirSearch
  • Some Extension
  1. Web / HTTP

Directory Fuzzing

Among all listed tools below , ffuf gave me best results in every scenarios and also use directory-list-2.3-medium.txt for most of common scenarios

Ffuf

Simple Scan

ffuf -w /opt/dirsearch/small.txt -u http://10.10.118.46/FUZZ

Ignoring particular status code

ffuf -w /opt/dirsearch/big.txt -u http://10.10.191.30:80/FUZZ -fc 401

VHOST Fuzzing

ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.horizontall.htb" -u http://horizontall.htb

Extension

ffuf -w /opt/dirsearch/big.txt -u http://bounty.htb/FUZZ -e .asp,.aspx,.txt

GoBuster

Normal Scan

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.56 -x txt,php

Append / to each request

Sometimes it's necessary to look only for directories and not for files so we can append / to every request to look for only directories

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u 10.10.10.56 -f

DirSearch

dirsearch.py -u http://10.10.10.5:80/ -e txt,asp,aspx

Some Extension

sh,txt,php,html,htm,asp,aspx,js,xml,log,json,jpg,jpeg,png,gif,doc,pdf,mpg,mp3,zip,tar.gz,tar
PreviousCMSNextFile Upload

Last updated 3 years ago