OSCP tool question
mabraFoo
Member Posts: 23 ■□□□□□□□□□
-Please keep responses on topic- 
I started the OSCP a while ago with no pen testing experience and don't work with any security folks. I don't know if this tool exists, but if it does, I am dying to use it.
Suppose a server is vulnerable to a particular url path.
softwarename/xyz_softwarename.php?something=blah
But the url path is hidden under a directory called secret or hidden.
To be able to find it you first need to use dirbuster or dirb using a wordlist containing secret/hidden. Then use wfuzz or nikto.
As far as I know, beef, wfuzz, and nikto won't be of any use because they won't expect the url path to be under an unusual directory.
Basically I am looking for a dirb + wfuzz hybrid. Maybe one of these tools already does this. Feel free to message me if you don't want to share too much info with the internet.
I started the OSCP a while ago with no pen testing experience and don't work with any security folks. I don't know if this tool exists, but if it does, I am dying to use it.
Suppose a server is vulnerable to a particular url path.
softwarename/xyz_softwarename.php?something=blah
But the url path is hidden under a directory called secret or hidden.
To be able to find it you first need to use dirbuster or dirb using a wordlist containing secret/hidden. Then use wfuzz or nikto.
As far as I know, beef, wfuzz, and nikto won't be of any use because they won't expect the url path to be under an unusual directory.
Basically I am looking for a dirb + wfuzz hybrid. Maybe one of these tools already does this. Feel free to message me if you don't want to share too much info with the internet.
Comments
-
iBrokeIT
GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,289 ■■■■■■■■■□
Sounds like you want Burp Suite, it is in Kali2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA | eCPPT | eWPT | eCTHP
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security -
Liindolade
Member Posts: 21 ■□□□□□□□□□
You can pass your secret directory to nikto, i.e. "nikto -host http://example.org/secret/"
In addition, nikto comes with a "dictionary" plugin that should help with the discovery of such directories.