Crawling/Spidering & Fuzzing

Crawling/Spidering

Crawling/Spidering is the automatic process of exploring a website (navigating the different links on each page) to list all the resources encountered along the way and create a map of them.

Tools	Details
katana	Crawling and Spidering katana -u <SITE1>,<SITE2>,...
ReconSpider	HTB's Custom Scrapy Spider pip3 install scrapy python3 ReconSpider.py <SITE> (results.json)

Fuzzing

Fuzzing attempts to locate, through brute force, vhosts, subdomains, files, and hidden paths that are not directly accessible from the site.

ffuf

Directory

ffuf -ic -w <WORDLIST>:X -u <URL>/X

ffuf -ic -v -recursion -recursion-depth <N> -w <WORDLIST> -u <URL>/FUZZ

Extensions

Try on files like index based on Technology Stack.

ffuf -ic -w <WORDLIST_EXTENSIONS>:FUZZ -u <URL>/indexFUZZ

Files

Try with extensions found.

ffuf -ic -e <.EXT> -v -recursion -recursion-depth <N> -w <W> -u <URL>/FUZZ

GET/POST Param/Value

ffuf -ic -w <WORDLIST>:X -u <URL>/?X=value

ffuf -ic -w <WORDLIST>:X -u <URL> -X POST -d ‘X=value’

API

ffuf -ic -w <WORDLIST>:X -u <URL>/api/X

With -recursion you cannot specify wordlist name, you have to use FUZZ.

Other

Tools	Details
dirsearch	dirsearch -u <SITE>
gobuster	gobuster [dir/dns/fuzz/vhost/...] -h
feroxbuster	feroxbuster -u <SITE>