Web Content Eumerating - shivshankaryadav/OSCP_Command GitHub Wiki
# Web Content Enumeration by Fuzzing
wfuzz help:
- `wfuzz -h`
File Discovery:
- `wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 301,404,403 "$URL"`
Directory Discovery:
- `wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 301,404,403 "$URL"`
Parameter Discovery:
- `export URL="http://offsecwp:80/index.php?FUZZ=data"`
- `wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 301,404,403 "$URL"`
Fuzzing Parameter Value:
- `export URL="http://offsecwp:80/index.php?fpv=FUZZ"`
- `wfuzz -c -z file,/usr/share/seclists/Usernames/list-default-usernames.txt --hc 301,404,403 "$URL"`
Authenticated fuzzing:
- `wfuzz -c -b "=" -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt --hc 301,404,403 "$URL"`
- `wfuzz -c -b "=" -z file,/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 301,404,403 "$URL"`
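How the runs above look from the server side, as an added example that is not part of the original wiki: the codes hidden with `--hc 301,404,403` still reach the access log in bulk, while parameter-name fuzzing mostly returns 200 and stands out only by the number of distinct parameter names sent to one path. The sketch assumes Apache/nginx common or combined log format; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Codes the wfuzz commands hide with --hc; a wordlist run still logs them in bulk.
NOISE_CODES = {301, 403, 404}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def summarize(lines):
    """Per client IP: request count, noise-code count, distinct paths and parameter names."""
    stats = defaultdict(lambda: {"total": 0, "noise": 0, "paths": set(), "params": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common/combined format line
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        s = stats[ip]
        s["total"] += 1
        s["noise"] += 1 if status in NOISE_CODES else 0
        s["paths"].add(parts.path)
        s["params"].update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return stats

def flag_enumeration(lines, min_requests=50, min_distinct=30, min_noise_ratio=0.8):
    """Sorted client IPs whose traffic looks like wordlist-driven enumeration.
    Default thresholds are assumptions; tune them against normal traffic."""
    flagged = []
    for ip, s in summarize(lines).items():
        if s["total"] < min_requests:
            continue
        # File/directory sweep: many distinct paths, almost all answered 301/403/404.
        path_sweep = (len(s["paths"]) >= min_distinct
                      and s["noise"] / s["total"] >= min_noise_ratio)
        # Parameter-name sweep: responses are mostly 200, so count distinct names instead.
        param_sweep = len(s["params"]) >= min_distinct
        if path_sweep or param_sweep:
            flagged.append(ip)
    return sorted(flagged)

def _line(ip, target, status):  # builds one constructed log line
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'

SAMPLE = (  # constructed traffic: path sweep, parameter sweep, ordinary visitor
    [_line("203.0.113.5", p, 404) for p in ("/admin", "/backup", "/.git", "/old", "/test", "/tmp")]
    + [_line("203.0.113.9", f"/index.php?{k}=data", 200) for k in ("id", "user", "page", "file", "debug", "cmd")]
    + [_line("198.51.100.7", p, 200) for p in ("/", "/index.php", "/style.css", "/index.php?p=1")]
    + [_line("198.51.100.7", "/missing", 404)]
)

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE, min_requests=5, min_distinct=5))
```

The sample is tiny, so the demo call lowers the thresholds to 5; the ordinary visitor with a single 404 is not flagged.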