# Web Fuzzing

**ffuf:** A fast web fuzzer written in Go.

```
ffuf -w /path/to/wordlist -u https://target/FUZZ
```

[**Arjun**](https://github.com/s0md3v/Arjun)**:** This tool can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.

```
arjun -u https://api.example.com/endpoint
```

[**vaf**](https://github.com/d4rckh/vaf)**:** A very advanced (web) fuzzer.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MZwNx13XY_sYHn5WRSd%2F-MZwUbjxuAePRkcac8Pp%2Fimage.png?alt=media\&token=2d62aac1-8bc9-476d-9a7d-a0f29768e9a4)

[**parameth**](https://github.com/maK-/parameth)**:** This tool can be used to brute-force discovery of GET and POST parameters.

[**ParamSpider**](https://github.com/devanshbatham/ParamSpider)**:** Mining parameters from dark corners of Web Archives.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MY4rf_e12wpXzZYNXoy%2F-MY4srEigYtXv3VnbVwk%2Fimage.png?alt=media\&token=74abe042-b15f-43fd-8b0e-868ddabf3d33)

[**smuggler**](https://github.com/defparam/smuggler)**:** An HTTP Request Smuggling / Desync testing tool written in Python 3.

```
python3 smuggler.py -u <URL>
```

Reference: <https://raw.githubusercontent.com/gwen001/pentest-tools/master/smuggler.py>

[**DirDar**](https://github.com/blackhatethicalhacking/DirDar)**:** DirDar is a tool that searches for (403-Forbidden) directories and tries to bypass the restriction to get a directory listing on them.

[![asciicast](https://asciinema.org/a/391851.svg)](https://asciinema.org/a/391851)

[**HackBar**](https://github.com/d3vilbug/HackBar)**:** HackBar plugin for Burp Suite.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MYEu5m6ury37HNlRkNP%2F-MYEu8nLmpzXhWB3Rh9t%2F68747470733a2f2f692e696d6775722e636f6d2f726c48494a6b6f2e676966.gif?alt=media\&token=a1096db2-c02c-4f4a-a5ec-cfa89a68d030)

**x8-Burp:** Discovering hidden parameters with Burp.

{% embed url="<https://github.com/Impact-I/x8-Burp>" %}

[**jsql-injection**](https://github.com/ron190/jsql-injection)**:** jSQL Injection is a Java application for automatic SQL database injection.

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MYKi5ut2LTXKjUQ3vXl%2F-MYM03x-Kn_uVgQSC3pk%2Fimage.png?alt=media\&token=211c4eb2-779f-4dea-8224-e9b09b5f33cf)

[**HTTP Request Smuggling Detection Tool**](https://github.com/anshumanpattnaik/http-request-smuggling)

![](https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MWd-VcvRHVgUtkahm85%2F-MgvrX1JSaLJzVve66kY%2F-MgwSsu4t-UreoUZSOnj%2Fimage.png?alt=media\&token=4a35c9f0-7d36-4e46-a680-b27b27042d62)

## Bonus

{% embed url="<https://github.com/lutfumertceylan/top25-parameter>" %}

```
/cgi-bin/redirect.cgi?{payload}
/login?to={payload}
/out/{payload}
/out?{payload}
/redirect/{payload}
?action={payload}
?arg={payload}
?begindate={payload}
?board={payload}
?cat={payload}
?category={payload}
?categoryid={payload}
?checkout_url={payload}
?class={payload}
?cmd={payload}
?code={payload}
?command={payload}
?conf={payload}
?content={payload}
?continue={payload}
?date={payload}
?dest={payload}
?destination={payload}
?detail={payload}
?dir={payload}
?do={payload}
?doc={payload}
?document={payload}
?download={payload}
?email={payload}
?enddate={payload}
?exe={payload}
?exec={payload}
?execute={payload}
?feature={payload}
?file={payload}
?folder={payload}
?form={payload}
?func={payload}
?function={payload}
?go={payload}
?id={payload}
?image_url={payload}
?immagine={payload}
?inc={payload}
?include={payload}
?item={payload}
?join={payload}
?jump={payload}
?key={payload}
?keyword={payload}
?keywords={payload}
?l={payload}
?lang={payload}
?layout={payload}
?list_type={payload}
?load={payload}
?locate={payload}
?main={payload}
?menu={payload}
?mod={payload}
?module={payload}
?month={payload}
?name={payload}
?nav={payload}
?news={payload}
?next={payload}
?option={payload}
?p={payload}
?page={payload}
?path={payload}
?payload={payload}
?ping={payload}
?prefix={payload}
?print={payload}
?process={payload}
?q={payload}
?query={payload}
?read={payload}
?redir={payload}
?redirect={payload}
?redirect_uri={payload}
?ref={payload}
?reg={payload}
?region={payload}
?req={payload}
?return={payload}
?returnTo={payload}
?return_path={payload}
?return_to={payload}
?run={payload}
?rurl={payload}
?s={payload}
?search={payload}
?show={payload}
?site={payload}
?step={payload}
?target={payload}
?terms={payload}
?thread={payload}
?title={payload}
?topic={payload}
?type={payload}
?url={payload}
?view={payload}
?year={payload}
```

{% embed url="<https://github.com/afwu/leaky-paths>" %}
