80, 443 - HTTP/S
Last updated
Was this helpful?
Last updated
Was this helpful?
General purpose automatic scanners:
List of spidering tools:
Tools:
Fuzz parameters using injection payloads:
Included in Kali’s wordlists package under /usr/share/wordlists
.
/rockyou.txt
/dirbuster/directory-list-2.3-medium.txt
( 1.9M - 220560 lines )
/dirbuster/directory-list-2.3-small.txt
( 709K - 87664 lines )
/dirb/common.txt
( 36K - 4614 lines )
/dirb/big.txt
( 180K - 20469 lines )
(python): It doesn't allow auto-signed certificates but allows recursive search.
(go): It allows auto-signed certificates, it doesn't have recursive search.
- Fast, supports recursive search.
wfuzz -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt https://domain.com/api/FUZZ
- Fast: ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.10/FUZZ
: It uses wapalyzer to detect used technologies and select the wordlists to use.