Fuzzing / Wordlists

  1. Content Discovery - https://twitter.com/Alra3ees/status/1208502084246671366 (Also downloaded the same)

  2. Dirbuster - When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently:

    dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u - https://twitter.com/i/status/1221792235215151104

  3. Status codes - hakul/hakcrawl - gofetch , statusparser

  4. What are your normal testing steps when you see a 401? - https://twitter.com/nomanAli181/status/1146411693590736896

  5. https://github.com/deibit/cansina - web content discovery

  6. Jhaddix -

Tools - Fast web fuzzer written in Go - https://github.com/ffuf/ffuf

When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently:

dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u

Thread Related -- https://twitter.com/search?q=FFuF&src=typed_query

Any tool to dedupe a list of urls according their parameters? I mean keep only 1 url if it appears several times with same params no matter their values - https://twitter.com/gwendallecoguic/status/1207435306410168322

https://twitter.com/Mah3Sec_/status/1325030700039368709