"Some content on websites is seemingly hidden – that is, without their address, we are not able to access it. Often these are some remnants still from the stage of application development – the developer was supposed to remove them later, but forgot ̄_(ツ)_/ ̄ ." – it's a mention of DIRB. Mention, because with me he gave way to a new, incredibly fast tool – FFUF. The principle of operation is the same – enter the url and dictionary, and you may find some files /directories that should not be available. With any luck, it can also happen that you detect some kind of error or unusual behavior of the server.
A good dictionary that I use myself can be found here– click , and FFUFa can be downloaded from githuba creators – click .
It requires the Installed Golang compiler to work. Under Linux you can install it with the command – apt get install golang . Now we can install ffuf command – go get-u github.com/ffuf/ffuf.
Most often I use this tool with flswitch, responsible for filtering out server responses containing a certain number of lines. This is to get rid of false positivów, in other words, generic server responses when a given file/directory does not exist. The -w switch indicates the location of the dictionary, and -at the address of the test page where the word FUZZ should be inserted in the appropriate location. The ready-made sample command to run the tool looks like the following:
./ffuf -w /root/starter.txt -u https://my127001.pl/FUZZ -fl 1
