Directory & File Discovery

Test for directory traversal

General & Tricks

# Check for .git 
# If there is a git, possible to download the source code

# Check for temp saved files
# Vim creates .swp files
index.php/.admin.html.swp  

# Path traversal cheat sheet
https://www.gracefulsecurity.com/path-traversal-cheat-sheet-linux/
https://pentestwiki.org/wiki/Path_traversal#Windows

Patator

# Fuzzing
patator http_fuzz url=http://10.10.10.150/FILE0 0=wordlist.txt -x ignore:code=400 -x ignore:code=404


# Auth basic
patator http_fuzz url=https://IP/FILE0 0=.wordlisttxt -x ignore:code=400 -x ignore:code=404 header='Authorization: Basic YOUR_BASE64_HERE'

# Admin wordlist
patator http_fuzz url='url/FILE0' 0=wordlist/admin.lst -x ignore:code=400 -x ignore:code=404 -x ignore:code=403 

# Directory wordlist (dirbuster)
patator http_fuzz url='url/FILE0' 0=wordlist/directory-lowercase.txt -x ignore:code=400 -x ignore:code=404 -x ignore:code=403

# File wordlist (raft)
patator http_fuzz url='url/FILE0' 0=wordlist/raft-lowercase.txt -x ignore:code=400 -x ignore:code=404 -x ignore:code=403

DIRs endpoits

/uplynk/examples/dash.html