Crawling
OWASP ZAP (Zed Attack Proxy)
Open ZAP, and on the top-right corner, open the browser.
Enter the website's URL in the address bar and add it to the scope using the first entry in the left menu.
Head back to the ZAP Window, right-click on the target website, click on the Attack menu, and then the Spider submenu.
Once the process has finished, we can see the resources discovered by the spidering process.
FFuF
$ ffuf -recursion -recursion-depth 1 -u http://192.168.10.10/FUZZ -w /opt/useful/SecLists/Discovery/Web-Content/raft-small-directories-lowercase.txt
Sensitive Information Disclosure
Extensions wordlist
raft-[ small | medium | large ]-extensions.txt files from SecLists
Wordlist generation using CeWL (-m is the minimum word length)
$ cewl -m5 --lowercase -w wordlist.txt http://192.168.10.10
FFuF with custom extensions, filenames, and folders
$ ffuf -w ./folders.txt:FOLDERS,./wordlist.txt:WORDLIST,./extensions.txt:EXTENSIONS -u http://192.168.10.10/FOLDERS/WORDLISTEXTENSIONS
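Detecting this activity in access logs
On the server side, the ffuf runs above appear in the access log as one client requesting many distinct paths, most of them answered with 404. The script below is an added example, not part of the original notes; it assumes Common Log Format, and the function names, thresholds and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag clients whose traffic
# looks like wordlist-driven content discovery in a web access log.
# Assumptions: Common Log Format; thresholds are illustrative, tune per site.

# Usage: detect_enum MIN_DISTINCT_PATHS MIN_404_PERCENT < access.log
# Output: one line per flagged client: <ip> <distinct_paths> <404_percent>
detect_enum() {
  awk -v min_paths="$1" -v min_pct="$2" '
    {
      ip = $1; path = $7; status = $9      # CLF field positions
      total[ip]++
      if (status == 404) miss[ip]++
      # Count each path once per client: enumeration hits many distinct paths
      if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
    }
    END {
      for (ip in total) {
        pct = int(100 * miss[ip] / total[ip])
        if (paths[ip] >= min_paths && pct >= min_pct) print ip, paths[ip], pct
      }
    }' | sort
}

# Constructed sample log: .50 enumerates, .20 browses, .30 hits two dead links
sample_log() {
  cat <<'EOF'
192.168.10.20 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
192.168.10.20 - - [01/Jan/2024:10:00:02 +0000] "GET /css/site.css HTTP/1.1" 200 840
192.168.10.50 - - [01/Jan/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 404 153
192.168.10.50 - - [01/Jan/2024:10:00:03 +0000] "GET /backup HTTP/1.1" 404 153
192.168.10.50 - - [01/Jan/2024:10:00:03 +0000] "GET /config HTTP/1.1" 404 153
192.168.10.50 - - [01/Jan/2024:10:00:04 +0000] "GET /images HTTP/1.1" 301 178
192.168.10.30 - - [01/Jan/2024:10:00:04 +0000] "GET /promo-2019 HTTP/1.1" 404 153
192.168.10.50 - - [01/Jan/2024:10:00:04 +0000] "GET /old HTTP/1.1" 404 153
192.168.10.50 - - [01/Jan/2024:10:00:05 +0000] "GET /test HTTP/1.1" 404 153
192.168.10.20 - - [01/Jan/2024:10:00:06 +0000] "GET /about HTTP/1.1" 200 2210
192.168.10.30 - - [01/Jan/2024:10:00:07 +0000] "GET /press/old.pdf HTTP/1.1" 404 153
192.168.10.20 - - [01/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 5120
EOF
}

sample_log | detect_enum 5 80   # flags only 192.168.10.50
```

Counting distinct paths rather than raw requests keeps a client that retries one broken link from being flagged.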