Fuzzing

jayt1990 · February 19, 2018, 1:33am

Hello all, i am kind of new to fuzzing in general and i am just coming to grips with the tool wfuzz.
I filter out the codes in my command -hc 404 so i dont get forbidden pages showing up

I am currently fuzzing for directories and i am getting some back with c=200
however im sure these arent actual directories for example im getting
/sync(this feel like it could be real)
then /syncopate
/syncrhonize and many different versions of sync.
All turn up a 403 page.

how can i determine on these scans what is a real directory? any kind of help with fuzzing would be greatly appreciated.
i decided to try fuzzing because using dirbuster turned up a seriously long list of incorrect directories and produced an error.

jayt1990 · February 19, 2018, 1:46am

here is an example of out put that im getting running this command
Command:wfuzz -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -w /usr/share/wordlists/wfuzz/general/extensions_common.txt --hc 404 http://[IP]/FUZZFUZ2Z

Output:Imgur: The magic of the Internet

wirehack7 · February 19, 2018, 7:13am

Read that:
https://tools.kali.org/web-applications/wfuzz

And do man wfuzz. Then think about how to use it.
RTFM!

Topic		Replies	Views
Web Fuzzing - Directory and File Fuzzing Academy fuzzing	1	58	September 24, 2024
Directory Fuzzing - Academy Academy	3	2315	September 18, 2022
Having Trouble with Recursive Fuzzing Off-topic	0	34	August 7, 2024
Gobuster vs Ffuf Off-topic wfuzz , fuzzing	1	1467	July 18, 2024
Directory scanning/busting more effectively Tools	8	4533	December 26, 2020

Fuzzing

Related topics