URL Fuzzer - Discover hidden files and directories - Use Cases
Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.
Discover Sensitive Information
It is highly likely that you will find sensitive information in the hidden files and directories hosted on the target web server.
Extend the Attack Surface
This tool also allows you to uncover hidden functionality in web applications (hidden paths), which can be further explored for vulnerabilities.
Check for Configuration Errors
You can verify if the uncovered files and directories have proper permissions configured and if they leak any sensitive information.
The URL Fuzzer can be used to find hidden files and directories on a web server by fuzzing.
This is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc). Since 'security by obscurity' is not a good practice, you can often find sensitive information in the hidden locations identified by the URL Fuzzer.
This is the URL on the target server that will be fuzzed. All the requests will be done by using this value as base URL
Search for directories
If selected, the tool will search for directories located at the base URL (default option)
Search for custom extensions
This option allows you to find files with custom extensions. You can specify multiple extensions that you want to search for (up to 10 extensions per scan), including double extensions (ex. .php.old, .jsp.bak, .tgz, etc)
Search for common configuration files
Find common file names such as: .htaccess, .bashrc, .mysql_history, passwd and many more (about 4500 names)
This option extends the default wordlist with words from the HTML page located at the base URL (including existing links)
Mutate found files
Apply various mutations to the identified files in order to find other respurces (ex. config.php, config2.php, config_old.php, config-dev.php, etc)
How it works
The URL Fuzzer uses a custom built wordlist for discovering hidden files and directories. The wordlist contains more than 1000 common names of known files and directories. For each WORD in the wordlist, it will make an HTTP request to: Base_URL/WORD/ or to Base_URL/WORD.EXT in case you chose to fuzz a certain EXTension.
The files and directories that are found, are returned together with their HTTP response code and the page size.
This tool costs 20 credits but you have 40 credits left.