# Directory Fuzzing
This section covers tools and techniques for discovering hidden directories and files on web servers.
## 📚 Wordlists
First, install the seclists package, which provides useful wordlists:
sudo apt install seclists
The wordlists are located at:
/usr/share/seclists/
## ⚡ Feroxbuster
A powerful, fast web content discovery tool.
### Install
sudo apt install feroxbuster
### Simple Scan
feroxbuster --url http://web.site
feroxbuster --url https://web.site -k
### Proxy Redirection (e.g., to BurpSuite)
feroxbuster --url http://web.site --proxy http://127.0.0.1:8080 -k
### Filters (Status Codes, Response Size)
feroxbuster --url http://web.site -C 200 # Filter out responses with this status code
feroxbuster --url http://web.site -s 200 204 301 302 # Show only specific status codes
feroxbuster --url http://web.site -S 1500 # Filter out responses of this size (bytes)
### Useful Options
- -A: Use random User-Agent
- -a: Define a custom User-Agent
- -x: Specify file extensions, e.g. php js txt
- -w: Path to wordlist, e.g. /usr/share/seclists/...
## 🔍 Gobuster
Another efficient tool for directory and file brute-forcing.
### Install
sudo apt install gobuster
### Directory Fuzzing Example
gobuster dir -u https://web.site -w /usr/share/seclists/test.txt -x php,html,git,bak,txt -k -s "202,302"
### Useful Options
- --exclude-length <size>: Filter by content length
- -s <code>: Show only specific status codes
- -k: Skip certificate validation (HTTPS)
## 🌀 wFuzz
Great for custom fuzzing scenarios (headers, parameters, JSON keys, etc.)
Cheatsheet: HackTricks - wFuzz
### Install
pip install wfuzz
### POST Request with Filtered Output
wfuzz -c -w users.txt --hs "Login name" -d "name=FUZZ&password=FUZZ&autologin=1&enter=Sign+in" http://zipper.htb/zabbix/index.php
### Brute-Force Folder or REST API Endpoint
wfuzz -c -w /tmp/tmp/params.txt --hc 404 https://domain.com/api/FUZZ
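
Seen from the server side, a feroxbuster, gobuster or wfuzz run like the ones above appears in the access log as one client requesting many distinct paths that mostly return 404; the status and size filters only change what the tool displays, not what the server logs. The following added example (not part of the original page) flags such clients. It keys on client address rather than User-Agent because `-A` randomizes that header. The combined log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed combined log format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_scanners(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client_ip: stats} for clients whose traffic looks like wordlist fuzzing."""
    paths = defaultdict(set)    # distinct URL paths requested per client
    total = defaultdict(int)    # all requests per client
    misses = defaultdict(int)   # 404 responses per client
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # skip lines that are not in the assumed format
        ip, url, status = m.groups()
        total[ip] += 1
        paths[ip].add(url.split("?", 1)[0])  # ignore query strings
        if status == "404":
            misses[ip] += 1
    flagged = {}
    for ip, n in total.items():
        ratio = misses[ip] / n
        # Many distinct paths AND mostly misses: a wordlist walk, not normal browsing.
        if len(paths[ip]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": n, "distinct_paths": len(paths[ip]),
                           "miss_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed log: one client walking a wordlist with extensions, one ordinary visitor."""
    words = ["admin", "backup", "config", "login", "uploads", ".git", "test", "old", "dev", "api"]
    fmt = '{ip} - - [10/Oct/2024:13:55:{s:02d} +0000] "GET /{p} HTTP/1.1" {code} 512 "-" "{ua}"'
    log = []
    for i, w in enumerate(words):
        for ext in ("", ".php", ".bak"):
            code = 200 if (w, ext) == ("login", ".php") else 404
            # A different User-Agent on every request, as with a random User-Agent option.
            log.append(fmt.format(ip="203.0.113.7", s=i, p=w + ext, code=code, ua=f"ua-{i}{ext}"))
    for i, p in enumerate(["", "index.html", "about.html", "favicon.ico", "index.html"]):
        code = 404 if p == "favicon.ico" else 200
        log.append(fmt.format(ip="198.51.100.20", s=i, p=p, code=code, ua="Mozilla/5.0"))
    return log

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

In production the same counts should be computed per time window and tuned against normal traffic, since crawlers and broken links also produce 404s.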
