Gobuster

https://www.kali.org/tools/gobuster/

  • gobuster dir -e -u http://10.10.10.10 -w wordlist.txt

  • gobuster dir -u 10.10.162.67 -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt

  • gobuster dir -u http://<TARGET_IP> -w /usr/share/wordlists/dirb/common.txt -b 403,404

  • gobuster dir -u http://<TARGET_IP> -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

  • gobuster dir -u http://<TARGET_IP>/data -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

Alternative tool

Ffuf

Directory discovery:

ffuf -w wordlist.txt -u http://example.com/FUZZ

File discovery:

ffuf -w wordlist.txt -u http://example.com/FUZZ -e .aspx,.php,.txt,.html

Show only responses with the given status codes:

ffuf -w /usr/share/wordlists/dirb/small.txt -u http://example.com/FUZZ -mc 200,301

The -maxtime flag stops the fuzzing run after the specified time in seconds:

ffuf -w wordlist.txt -u http://example.com/FUZZ -maxtime 60

Number of threads:

ffuf -w wordlist.txt -u http://example.com/FUZZ -t 64

Dirbuster

  • dirb http://10.10.10.10 wordlist.txt

๐Ÿ—ƒ๏ธDirb

Last updated