Skip to content

T-Crypt/Pentesting-Tips

Folders and files

NameName
Last commit message
Last commit date

Latest commit

46871cc · Oct 4, 2024

History

40 Commits
Feb 16, 2024
Nov 16, 2023
Sep 8, 2023
Jun 20, 2024
Jun 20, 2024
Oct 4, 2024
Nov 16, 2023
Nov 15, 2023
Feb 16, 2024
Nov 15, 2023
Dec 18, 2023
Nov 15, 2023
Nov 15, 2023
Nov 16, 2023
Oct 4, 2024
Dec 11, 2023
Dec 18, 2023
Dec 18, 2023
Nov 15, 2023
Dec 12, 2023
Dec 18, 2023
Jun 20, 2024
Nov 15, 2023
Nov 21, 2023
Nov 16, 2023
Nov 15, 2023
Nov 15, 2023
Jun 20, 2024
Nov 15, 2023
Nov 17, 2023
Jun 20, 2024
Nov 7, 2023
Nov 16, 2023
Nov 15, 2023
Nov 16, 2023
Dec 18, 2023

Repository files navigation

FFUF / FUZZ

ffuf -h ffuf help
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/ Sub-domain Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://academy.htb:PORT/ -H 'Host: FUZZ.academy.htb' -fs xxx VHost Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx Parameter Fuzzing - GET
ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx Parameter Fuzzing - POST
ffuf -w ids.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx Value Fuzzing

Wordlists

Command Description
/opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt Directory/Page Wordlist
/opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt Extensions Wordlist
/opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt Domain Wordlist
/opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt Parameters Wordlist

Misc

Command Description
sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts' Add DNS entry
for i in $(seq 1 1000); do echo $i >> ids.txt; done Create Sequence Wordlist
curl http://admin.academy.htb:PORT/admin/admin.php -X POST -d 'id=key' -H 'Content-Type: application/x-www-form-urlencoded'

About

No description or website provided.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages