% web, webapp, burp, fuzzing # Directory fuzzing with ffuf ffuf -u http:///FUZZ -w # Directory fuzzing with extensions ffuf -u http:///FUZZ -w -e .php,.html,.txt,.bak # Subdomain fuzzing ffuf -u http://FUZZ. -w -H "Host: FUZZ." # POST parameter fuzzing ffuf -u http:///login -X POST -d "username=admin&password=FUZZ" -w # Filter by status code ffuf -u http:///FUZZ -w -fc 404 # Filter by response size ffuf -u http:///FUZZ -w -fs 0 # Gobuster directory scan gobuster dir -u http:// -w # Gobuster with extensions gobuster dir -u http:// -w -x php,html,txt # Nikto scan nikto -h http:// # WhatWeb (technology detection) whatweb http:// # SQLMap basic sqlmap -u "http:///page.php?id=1" --batch # SQLMap dump database sqlmap -u "http:///page.php?id=1" --dbs --batch # SQLMap dump tables sqlmap -u "http:///page.php?id=1" -D --tables --batch # XSS test payload # Curl with POST data curl -X POST http:///login -d "username=admin&password=test" -v # Curl with cookies curl http:// -b "session=" # Curl with headers curl http:// -H "Authorization: Bearer " $ target: echo "" $ domain: echo "" $ wordlist: echo "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt" $ database: echo "" $ cookie: echo "" $ token: echo ""