Pentest robots are here! 🤖 See how they automate 80% of your manual work >

URL Fuzzer - Discover hidden files and directories

Light Scan

Full Scan

Sample Report | Use Cases | Technical Details

Need to see the full results?

Unlock the full power and feature of our URL Fuzzer - Discover hidden files and directories! Compare pricing plans and discover more tools and features.

Sample Report

Here is a URL Fuzzer - Discover hidden files and directories sample report:

Includes the identified files and directories
Also shows the HTTP response code for each file

Download Sample Report

URL Fuzzer - Discover hidden files and directories - Use Cases

Discover hidden files and directories (which are not linked in the HTML pages): .conf, .bak, .bkp, .zip, .xls, etc. Get easy access to hidden content hosted on your target web server.
Fuzz the target with your own wordlist in the specified location.

Discover Sensitive Information

It is highly likely that you will find sensitive information in the hidden files and directories hosted on the target web server.

Extend the Attack Surface

This tool also allows you to uncover hidden functionality in web applications (hidden paths), which can be further explored for vulnerabilities.

Check for Configuration Errors

You can verify if the uncovered files and directories have proper permissions configured and if they leak any sensitive information.

Technical Details

About

The URL Fuzzer can be used to find hidden files and directories on a web server by fuzzing.

This is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).
Since 'security by obscurity' is not a good practice, you can often find sensitive information in the hidden locations identified by the URL Fuzzer.

Parameters

Parameter	Description
Template URL	This is the template URL on the target server that will be fuzzed. You can (optionally) insert your payload in custom location specified by a 'FUZZ' marker. You can place it in the path or in the query strings, but NOT in the domain or subdomain. The default location is at the end of the URL. Examples: http://example.com/dirs/FUZZ/index.php?id=3 http://example.com/dirs/profiles/user.php?name=FUZZ http://example.com/
Fuzz wordlist	Specify a custom wordlist for the payloads that will replace the 'FUZZ' marker
Search for directories	If selected, the tool will search for directories located at the base URL (default option)
Search for custom extensions	This option allows you to find files with custom extensions. You can specify multiple extensions that you want to search for (up to 10 extensions per scan), including double extensions (ex. .php.old, .jsp.bak, .tgz, etc)
Dynamic wordlist	This option extends the default wordlist with words from the HTML page located at the base URL (including existing links)
Mutate found files	Apply various mutations to the identified files in order to find other respurces (ex. config.php, config2.php, config_old.php, config-dev.php, etc)

How it works

The URL Fuzzer uses a custom built wordlist for discovering hidden files and directories. The wordlist contains more than 1000 common names of known files and directories. For each WORD in the wordlist, it will make an HTTP request to: Base_URL/WORD/ or to Base_URL/WORD.EXT in case you chose to fuzz a certain EXTension.

The files and directories that are found, are returned together with their HTTP response code and the page size.

Discover more files and directories with additional search options.

Search option	Light scan	Full scan
Directories
Custom extensions
Configuration files
Source code files
Archives
Database files
Logs
Backup files
Documents
Web files

You also get:

+ full access to all the 25+ tools on the platform

+ dedicated scanners for major new vulnerabilities

+ authenticated scans, reporting & a lot more!

Information Gathering

Web Application Testing

CMS Tests

Infrastructure Testing

Exploit Helpers