Here is a URL Fuzzer - Discover hidden files and directories sample report:
Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.
It is highly likely that you will find sensitive information in the hidden files and directories hosted on the target web server.
This tool also allows you to uncover hidden functionality in web applications (hidden paths), which can be further explored for vulnerabilities.
You can verify if the uncovered files and directories have proper permissions configured and if they leak any sensitive information.
|Base URL||This is the URL on the target server that will be fuzzed. All the requests will be done by using this value as base URL|
|Search for directories||If selected, the tool will search for directories located at the base URL (default option)|
|Search for custom extensions||This option allows you to find files with custom extensions. You can specify multiple extensions that you want to search for (up to 10 extensions per scan), including double extensions (ex. .php.old, .jsp.bak, .tgz, etc)|
|Search for common configuration files||Find common file names such as: .htaccess, .bashrc, .mysql_history, passwd and many more (about 4500 names)|
|Dynamic wordlist||This option extends the default wordlist with words from the HTML page located at the base URL (including existing links)|
|Mutate found files||Apply various mutations to the identified files in order to find other respurces (ex. config.php, config2.php, config_old.php, config-dev.php, etc)|