Directory & File Discovery

Test for directory traversal

General & Tricks

# Check for .git 
# If there is a git, possible to download the source code

# Check for temp saved files
# Vim creates .swp files

# Path traversal cheat sheet


# Fuzzing
patator http_fuzz url= 0=wordlist.txt -x ignore:code=400 -x ignore:code=404

# Auth basic
patator http_fuzz url=https://IP/FILE0 0=.wordlisttxt -x ignore:code=400 -x ignore:code=404 header='Authorization: Basic YOUR_BASE64_HERE'

# Admin wordlist
patator http_fuzz url='url/FILE0' 0=wordlist/admin.lst -x ignore:code=400 -x ignore:code=404 -x ignore:code=403 

# Directory wordlist (dirbuster)
patator http_fuzz url='url/FILE0' 0=wordlist/directory-lowercase.txt -x ignore:code=400 -x ignore:code=404 -x ignore:code=403

# File wordlist (raft)
patator http_fuzz url='url/FILE0' 0=wordlist/raft-lowercase.txt -x ignore:code=400 -x ignore:code=404 -x ignore:code=403

DIRs endpoits