URL Fuzzer

Parameters

| Name | Type | Description | Value |
|---|---|---|---|
| tool_id | Integer | The id of this tool | 90 |
| target | String | The URL on the target server that will be fuzzed | |
| dirs | String | Search for directories located at the base URL (optional) | on, off |
| configs | String | Search for files with the following extensions: conf, cfg, txt, xml, json, ini (optional) | on, off |
| com_cfgs | String | Search for common file names such as: .htaccess, .bashrc, .mysql_history, passwd and many more (about 4500 names) (optional) | on, off |
| sources | String | Search for files with the following extensions: bat, c, java, cpp, cs, h (optional) | on, off |
| archives | String | Search for files with the following extensions: zip, tar, tar.gz, tgz, gz, 7z, bzip, rar, jar, apk (optional) | on, off |
| databases | String | Search for files with the following extensions: sql, mdb, db, nsf, csv, dbf (optional) | on, off |
| logs | String | Search for files with the following extensions: log, err, journal (optional) | on, off |
| backups | String | Search for files with the following extensions: old, back, bkp, bak, tmp, test, dev, prod (optional) | on, off |
| docs | String | Search for files with the following extensions: doc, docx, odt, xls, xlsx, rtf, pdf, ppt, pptx (optional) | on, off |
| web | String | Search for files with the following extensions: asp, aspx, php, jsp, shtml, htm, html, dll, pl, py, cgi, cfm, sh (optional) | on, off |
| custom_ext | String | Search for files with custom extensions (optional). Requires input_ext parameter to be set. | on, off |
| input_ext | String | The custom extensions that you want to search for. You can specify multiple extensions (up to 10 per scan), including double extensions (ex. .php.old, .jsp.bak, .tgz etc.) (optional). For this option to work custom_ext must be on. | |
| dynamic | String | This is a scan option which extends the default wordlist with words from the HTML page located at the base URL (including existing links) (optional) | on, off |
| mutate | String | This is a scan option which applies various mutations to the identified files in order to find other resources (config.php, config2.php, config_old.php, config-dev.php etc.) (optional) | on, off |
| follow_redirects | Boolean | Follow HTTP redirects and scan the final redirect location. This will create a new target if it does not already exist. The default value of this parameter is false. | |

If no parameter is set, the following defaults will be used: dirs, com_cfgs, dynamic, mutate.

Start scan examples

{
  "op": "start_scan",
  "tool_id": 90,
  "target": "http://demo.pentest-tools.com/url_fuzzer",
  "tool_params": {
    "dirs": "on",
    "com_cfgs": "on",
    "custom_ext": "on",
    "input_ext": "php, tar.gz",
    "dynamic": "on"
  }
}

{
  "op": "start_scan_by_targetid",
  "tool_id": 90,
  "target": 984233,
  "tool_params": {
    "dirs": "off",
    "com_cfgs": "on",
    "custom_ext": "off",
    "dynamic": "on"
  }
}
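
A request-body builder for the parameters above, added here as an example and not part of the tool's own documentation or client code: it enforces the documented rules (on/off values, custom_ext needing input_ext, at most 10 custom extensions) before anything is sent. `build_start_scan` and `enabled_options` are hypothetical names; reading "no parameter is set" as an empty `tool_params` is an assumption, and `follow_redirects` is left out because the page does not show where it goes in the request.

```python
import json

TOOL_ID = 90
# Option names from the parameter table; each takes "on" or "off".
TOGGLES = {"dirs", "configs", "com_cfgs", "sources", "archives", "databases",
           "logs", "backups", "docs", "web", "custom_ext", "dynamic", "mutate"}
DEFAULT_ON = ("dirs", "com_cfgs", "dynamic", "mutate")  # documented defaults
MAX_CUSTOM_EXT = 10


def build_start_scan(target, input_ext=None, **toggles):
    """Return a validated request body; input_ext is a list of extensions."""
    unknown = set(toggles) - TOGGLES
    if unknown:
        raise ValueError(f"unknown option(s): {sorted(unknown)}")
    bad = {k: v for k, v in toggles.items() if v not in ("on", "off")}
    if bad:
        raise ValueError(f"options must be 'on' or 'off': {bad}")

    params = dict(toggles)
    if input_ext is not None:
        if toggles.get("custom_ext") != "on":
            raise ValueError("input_ext only works when custom_ext is 'on'")
        exts = [e.strip() for e in input_ext if e.strip()]
        if not 1 <= len(exts) <= MAX_CUSTOM_EXT:
            raise ValueError(f"give 1 to {MAX_CUSTOM_EXT} custom extensions")
        params["input_ext"] = ", ".join(exts)
    elif toggles.get("custom_ext") == "on":
        raise ValueError("custom_ext 'on' requires input_ext")

    # An integer target is an existing target id; a string is a URL.
    if isinstance(target, bool) or not isinstance(target, (int, str)):
        raise ValueError("target must be a URL string or an integer target id")
    op = "start_scan_by_targetid" if isinstance(target, int) else "start_scan"
    return {"op": op, "tool_id": TOOL_ID, "target": target, "tool_params": params}


def enabled_options(body):
    """Options the scan runs with (assumption: empty tool_params means defaults)."""
    params = body["tool_params"]
    if not params:
        return sorted(DEFAULT_ON)
    return sorted(k for k, v in params.items() if v == "on")


if __name__ == "__main__":
    body = build_start_scan("http://demo.pentest-tools.com/url_fuzzer",
                            dirs="on", com_cfgs="on", custom_ext="on",
                            input_ext=["php", "tar.gz"], dynamic="on")
    print(json.dumps(body, indent=2), enabled_options(body))
```

Reviewing `enabled_options` before submitting shows which wordlists a scan will actually use, which helps keep a run within the agreed scope.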