Day 82 comes with some readings on wfuzz for fuzzing and an alternative for directory brute forcing which is PathBrute.
Automate with WFUZZ
Directory Brute Force alternative with PathBrute
From Sam (CoffeeJunkie). Through out the years, directory brute forcing has been something that people tend to do in order to find endpoints. Different tools have been created in order to make directory brute forcing more efficient, as an example, nowadays we have ffuf and dirsearch as something that people tend to use in the journey. There are several tools to do this process, but this time PathBrute seemed as a great alternative to try.
What does it make PathBrute an alternative?
- The wordlists for different exploitation paths that comes included with the tool.
- Reduce the number of results for wordlists with URI paths with nested directories
This is an example of the options available for PathBrute.
$ ./pathBrute -h Options: -h, --help display help information -U, --filename File containing list of websites -u, --url Url of website -P, --Paths File containing list of URI paths -p, --path URI path -s, --source Path source (default | msf | exploitdb | exploitdb-asp | exploitdb-aspx | exploitdb-cfm | exploitdb-cgi | exploitdb-cfm | exploitdb-jsp | exploitdb-perl | exploitdb-php | exploitdb-others | RobotsDisallowed | SecLists) -n, --threads No of concurrent threads (default: 2) -c Show only certain status code (e.g. -c 200) -e Exclude certain status code (e.g. -e 404) -i Intelligent mode -v, --verbose Verbose mode --cms Fingerprint CMS -x Test a URI path across all target hosts instead of testing all URI paths against a host before moving onto next host -l, --log Output to log file -r Resume from x as in [x of 9999] --pHost IP of HTTP proxy --pPort Port of HTTP proxy (default 8080) --ua Set User-Agent --timeout Set timeout to x seconds --update Update URI path wordlists from Github --skip Skip sites that don't give any useful results (e.g. OWA, VPN, etc) --confirm Confirm using more than 100 threads (use with -n option) -q, --query Lookup URI paths that were found against ExploitDB)