Day 82/100 Hack and Improvement

1 minute read

Day 82 comes with some readings on wfuzz for fuzzing and an alternative for directory brute forcing which is PathBrute.

Automate with WFUZZ

From Rajesh Ranjan. Here is the link for the article.

Directory Brute Force alternative with PathBrute

From Sam (CoffeeJunkie). Through out the years, directory brute forcing has been something that people tend to do in order to find endpoints. Different tools have been created in order to make directory brute forcing more efficient, as an example, nowadays we have ffuf and dirsearch as something that people tend to use in the journey. There are several tools to do this process, but this time PathBrute seemed as a great alternative to try.

What does it make PathBrute an alternative?

  1. The wordlists for different exploitation paths that comes included with the tool.
  2. Reduce the number of results for wordlists with URI paths with nested directories

This is an example of the options available for PathBrute.

$ ./pathBrute -h

  -h, --help       display help information
  -U, --filename   File containing list of websites
  -u, --url        Url of website
  -P, --Paths      File containing list of URI paths
  -p, --path       URI path
  -s, --source     Path source (default | msf | exploitdb | exploitdb-asp | exploitdb-aspx | exploitdb-cfm | exploitdb-cgi | exploitdb-cfm | exploitdb-jsp | exploitdb-perl | exploitdb-php | exploitdb-others | RobotsDisallowed | SecLists)
  -n, --threads    No of concurrent threads (default: 2)
  -c               Show only certain status code (e.g. -c 200)
  -e               Exclude certain status code (e.g. -e 404)
  -i               Intelligent mode
  -v, --verbose    Verbose mode
      --cms        Fingerprint CMS
  -x               Test a URI path across all target hosts instead of testing all URI paths against a host before moving onto next host
  -l, --log        Output to log file
  -r               Resume from x as in [x of 9999]
      --pHost      IP of HTTP proxy
      --pPort      Port of HTTP proxy (default 8080)
      --ua         Set User-Agent
      --timeout    Set timeout to x seconds
      --update     Update URI path wordlists from Github
      --skip       Skip sites that don't give any useful results (e.g. OWA, VPN, etc)
      --confirm    Confirm using more than 100 threads (use with -n option)
  -q, --query      Lookup URI paths that were found against ExploitDB)


Leave a comment