WebApplication Tooling
Fuzzing
ffuf -u https://10.10.14.2/FUZZ -w /opt/SecLists/Discovery/Web-Content/api/api-endpoints.txt -fc 401
VHost Discovery
./gobuster dir -u https://10.10.14.2 -w /opt/SecLists/Discovery/Web-Content/api/api-endpoints.txt --wildcard 401
File/Dir Busting
# Dirbrute Forcing With extension
./feroxbuster --url https://10.10.14.2 --depth 2 --wordlist /opt/SecLists/Disc
overy/Web-Content/raft-large-words.txt -k -C 401 -o ~/spectre/edge-https.feroxbuster -x php,pl,sh,asp,ht
ml,json,py,cfm,aspx,rb,cgi,js,bak,txt
# Ffuf
ffuf -u https://102.128.176.162/FUZZ -w /mnt/security/Projects/WebScripts/output/special-chars.3.fuzz -fc 401
Backup Discovery
# Backup discovery
bfac -u https://102.128.176.162/ -xsc 401
Param Discovery
./x8 -u "https://10.10.14.2" -w /opt/SecLists/Discovery/Web-Content/burp-parameter-names.txt
X8
bfac
feroxbuster
gobuster
ffuf