Fuzzing

Web Fuzzing

Directory Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ

Page Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://SERVER_IP:PORT/blog/indexFUZZ

Recursive Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v

Domain Fuzzing

Sub-domain Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u <https://FUZZ.domain.com/>

Vhosts Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u <http://domain.com>:PORT/ -H 'Host: FUZZ.domain.com'

# to filter out pages with response 900 using -f flag, means filter 
ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u <http://domain.com>:PORT/ -H 'Host: FUZZ.domain.com' -fs 900

Parameter Fuzzing

GET Requests fuzzing

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u <http://dom.com>:PORT/admin/admin.php?FUZZ=key -fs xxx

POST Resquests Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u <http://dom.com>:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx

Value Fuzzing

# Creating wordlists containing numbers from 1-1000
for i in $(seq 1 1000); do echo $i >> ids.txt; done

# value fuzzing
ffuf -w ids.txt:FUZZ -u <http://dom.com>:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx
PreviousWindows Remote Management ProtocolsNextIPMI - 623(UDP)

Last updated