OSCP tool question

mabraFoomabraFoo Member Posts: 23 ■□□□□□□□□□
-Please keep responses on topic- :)
I started the OSCP a while ago with no pen testing experience and don't work with any security folks. I don't know if this tool exists, but if it does, I am dying to use it.

Suppose a server is vulnerable to a particular url path.
softwarename/xyz_softwarename.php?something=blah

But the url path is hidden under a directory called secret or hidden.

To be able to find it you first need to use dirbuster or dirb using a wordlist containing secret/hidden. Then use wfuzz or nikto.

As far as I know, beef, wfuzz, and nikto won't be of any use because they won't expect the url path to be under an unusual directory.

Basically I am looking for a dirb + wfuzz hybrid. Maybe one of these tools already does this. Feel free to message me if you don't want to share too much info with the internet.

Comments

  • iBrokeITiBrokeIT GDSA, GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, Pen+, CySA+, Sec+, N+, A+, eJPT Member Posts: 1,315 ■■■■■■■■■□
    Sounds like you want Burp Suite, it is in Kali
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON GCWN Linux+

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • LiindoladeLiindolade Member Posts: 21 ■□□□□□□□□□
    You can pass your secret directory to nikto, i.e. "nikto -host http://example.org/secret/"

    In addition, nikto comes with a "dictionary" plugin that should help with the discovery of such directories.
Sign In or Register to comment.