Skip to content

reewardius/bbFuzzing.txt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

125 Commits
README.md
README.md
 
 
bbFuzzing.txt
bbFuzzing.txt
 
 
extensions
extensions
 
 
fuzzing.txt
fuzzing.txt
 
 

Repository files navigation

bbFuzzing.txt

bbFuzzing.txt is a unique vocabulary that is 90% generated with OpenAI ChatGPT.

Below are links to tools that allow you to bypass 401/403 status code.

Tools for 403/401 bypass

  1. bypassfuzzer by @intrudir
  2. bypass-url-parser by @TheLaluka
  3. dontgo403 by @devploit
  4. nomore403 by @devploit

There are also examples of how you can extend the fuzzing process to get more interesting results (proxy level misconfigurations, temporary files, etc.).

Nuclei

Before launching it is recommended to check all domains via -id waf-detect, and exclude domains that are hidden behind waf (nginxgeneric and apachegeneric indicates that WAF is missing).

nuclei -l subs -id waf-detect -silent -o waf
nuclei -l nowaf -t bbfuzzing.yaml -silent -rl 500 -c 100

It does not work perfectly, the search is aimed exclusively at finding the response body where there is no html, works until the first finding, but if there is still one, it is recommended to run ffuf on this domain as a separate stream.

Ffuf

> ffuf -u target.com/FUZZ -w bbFuzzing.txt
> ffuf -u target.com/FUZZ -H "Host: 127.0.0.1" -w bbFuzzing.txt
> ffuf -u target.com/FUZZ -H "Host: localhost" -w bbFuzzing.txt

> ffuf -u target.com/FUZZ.example -w bbFuzzing.txt
> ffuf -u target.com/FUZZ.sample -w bbFuzzing.txt
> ffuf -u target.com/FUZZ.template -w bbFuzzing.txt

> ffuf -u target.com/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/%3B/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/..%3B/FUZZ/ -w bbFuzzing.txt

> ffuf -u target.com/FUZZ..%2f -w bbFuzzing.txt
> ffuf -u target.com/FUZZ%09 -w bbFuzzing.txt
> ffuf -u target.com/FUZZ%23 -w bbFuzzing.txt

> ffuf -u target.com/FUZZ..%00 -w bbFuzzing.txt
> ffuf -u target.com/FUZZ;%09 -w bbFuzzing.txt
> ffuf -u target.com/FUZZ;%09.. -w bbFuzzing.txt

> ffuf -u target.com/FUZZ;%09..; -w bbFuzzing.txt
> ffuf -u target.com/FUZZ;%2f.. -w bbFuzzing.txt
> ffuf -u target.com/.FUZZ -w bbFuzzing.txt

> ffuf -u target.com/%0AFUZZ -w bbFuzzing.txt
> ffuf -u target.com/%0D%0AFUZZ -w bbFuzzing.txt
> ffuf -u target.com/%0DFUZZ -w bbFuzzing.txt

> ffuf -u target.com/%2e/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/FUZZ%20 -w bbFuzzing.txt
> ffuf -u target.com/FUZZ%2520 -w bbFuzzing.txt

> ffuf -u target.com/%u002e%u002e/%u002e%u002e/FUZZ -w bbFuzzing.txt
> ffuf -u target.com/%2e%2e%2f/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/%2EFUZZ -w bbFuzzing.txt

> ffuf -u target.com/FUZZ.old -w bbFuzzing.txt
> ffuf -u target.com/FUZZ?.css -w fuzzing.txt
> ffuf -u target.com/FUZZ?.js -w fuzzing.txt

> ffuf -u target.com/_FUZZ -w bbFuzzing.tx
> ffuf -u target.com/FUZZ_ -w bbFuzzing.txt
> ffuf -u target.com/_FUZZ_ -w bbFuzzing.txt

> ffuf -u target.com/..;/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/..;/..;/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/../FUZZ -w bbFuzzing.txt

> ffuf -u target.com/-FUZZ -w bbFuzzing.txt
> ffuf -u target.com/~FUZZ -w bbFuzzing.txt
> ffuf -u target.com/FUZZ..;/ -w bbFuzzing.txt

> ffuf -u target.com/FUZZ;/ -w bbFuzzing.txt
> ffuf -u target.com/FUZZ# -w bbFuzzing.txt
> ffuf -u target.com/FUZZ/~ -w bbFuzzing.txt

> ffuf -u target.com/!FUZZ -w bbFuzzing.txt
> ffuf -u target.com/#/FUZZ/ -w bbFuzzing.txt
> ffuf -u target.com/-/FUZZ/ -w bbFuzzing.txt

> ffuf -u target.com/FUZZ~ -w bbFuzzing.txt
> ffuf -u target.com/FUZZ/.git/config -w bbFuzzing.txt
> ffuf -u target.com/FUZZ/.env -w bbFuzzing.txt

> ffuf -u target.com/FUZZ. -w bbFuzzing.txt
> ffuf -u target.com/FUZZ/* -w bbFuzzing.txt
> ffuf -u target.com/FUZZ/? -w bbFuzzing.txt

> ffuf -u target.com/FUZZ -recursive -w fuzzing.txt
> ffuf -u target.com/FUZZ -recursive -w fuzzing.txt -e .asp,.aspx,.ashx,.ash,.jsp,.jspx,.php,.js,.dll,.json,.bak,.bkp,.conf,.txt,.py,.zip,.tar.gz,.tar,.7z,.old

Any special occasions (cookieless) - IIS + ASP
> ffuf -u target.com/(A(ABCD))/FUZZ
> ffuf -u target.com/(ABCD)/FUZZ
> ffuf -u target.com/(A(XXXXXXXX)F(YYYYYYYY))/FUZZ
> ffuf -u target.com/FUZZ/(S(X))/
> ffuf -u target.com/bin::$INDEX_ALLOCATION/FUZZ
> ffuf -u target.com/bin::$INDEX_ALLOCATION/FUZZ.dll
> ffuf -u target.com/bin::$INDEX_ALLOCATION/FUZZ -e .asp,.aspx,.ashx,.ash,.dll
  1. pathbuster by @ethicalhackingplayground
> pathbuster --urls crawls.txt --payloads traversals.txt --wordlist wordlist.txt -o output.txt

image image

  1. TProxer - Burp Suite extension made to automate the process of finding reverse proxy path based SSRF by @ethicalhackingplayground

image image

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

262 stars

Watchers

9 watching

Forks

55 forks
Report repository

Releases

No releases published

Packages

No packages published