Web Fuzzing
ffuf: A fast web fuzzer written in Go.
ffuf -w /path/to/wordlist -u https://target/FUZZ
Arjun: This tool can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.
arjun -u https://api.example.com/endpoint
vaf: very advanced (web) fuzzer.
parameth: This tool can be used to brute-force discovery of GET and POST parameters.
ParamSpider: Mining parameters from dark corners of Web Archives.
smuggler: An HTTP Request Smuggling / Desync testing tool written in Python 3.
python3 smuggler.py -u <URL>
DirDar: A tool that searches for (403-Forbidden) directories and tries to bypass the restriction to get a directory listing.
HackBar: HackBar plugin for Burpsuite.
x8-Burp: Discovering hidden parameters with burp.
GitHub - Impact-I/x8-Burp: Hidden parameters discovery suite
jsql-injection: jSQL Injection is a Java application for automatic SQL database injection.

Bonus

GitHub - lutfumertceylan/top25-parameter: For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
/cgi-bin/redirect.cgi?{payload}
/login?to={payload}
/out/{payload}
/out?{payload}
/redirect/{payload}
?action={payload}
?arg={payload}
?begindate={payload}
?board={payload}
?cat={payload}
?category={payload}
?categoryid={payload}
?checkout_url={payload}
?class={payload}
?cmd={payload}
?code={payload}
?command={payload}
?conf={payload}
?content={payload}
?continue={payload}
?date={payload}
?dest={payload}
?destination={payload}
?detail={payload}
?dir={payload}
?do={payload}
?doc={payload}
?document={payload}
?download={payload}
?email={payload}
?enddate={payload}
?exe={payload}
?exec={payload}
?execute={payload}
?feature={payload}
?file={payload}
?folder={payload}
?form={payload}
?func={payload}
?function={payload}
?go={payload}
?id={payload}
?image_url={payload}
?immagine={payload}
?inc={payload}
?include={payload}
?item={payload}
?join={payload}
?jump={payload}
?key={payload}
?keyword={payload}
?keywords={payload}
?l={payload}
?lang={payload}
?layout={payload}
?list_type={payload}
?load={payload}
?locate={payload}
?main={payload}
?menu={payload}
?mod={payload}
?module={payload}
?month={payload}
?name={payload}
?nav={payload}
?news={payload}
?next={payload}
?option={payload}
?p={payload}
?page={payload}
?path={payload}
?payload={payload}
?ping={payload}
?prefix={payload}
?print={payload}
?process={payload}
?q={payload}
?query={payload}
?read={payload}
?redir={payload}
?redirect={payload}
?redirect_uri={payload}
?ref={payload}
?reg={payload}
?region={payload}
?req={payload}
?return={payload}
?returnTo={payload}
?return_path={payload}
?return_to={payload}
?run={payload}
?rurl={payload}
?s={payload}
?search={payload}
?show={payload}
?site={payload}
?step={payload}
?target={payload}
?terms={payload}
?thread={payload}
?title={payload}
?topic={payload}
?type={payload}
?url={payload}
?view={payload}
?year={payload}
GitHub - afwu/leaky-paths: A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.