Brute-Force Files & Directories on a List of Hosts
Gathering as much information as possible about a web application's structure is sometimes crucial for a penetration testing or bug bounty engagement. Exposed files and directories could contain secrets (../.env or docker-compose.yaml files, for example), be vulnerable to specific exploits, give unprivileged access to new endpoints, etc.
Complexity: intermediate
Category: Web Discovery
Tools
Setup
You can set up this workflow by changing the initial input value:
- URL_LIST - provide a file containing a list of web servers to use as targets
In the example below, we're providing a sample as a target:

Workflow Targets Setup
Execution and results
After setup, the workflow is ready to be executed. Once the workflow's last node, the jq script, has finished, the result can be viewed and downloaded.
The jq node will contain the parsed output of ffuf.

Try it out!
This workflow is available in the Library; you can copy it and execute it immediately!
Improve this workflow
- Changing machine type of tools to speed up the execution
- Executing the workflow on multiple instances
- grep different status-codes and sort them
- bypass 403 status codes
- use notify and anew to send newly found files and directories as notification messages
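The post-processing ideas above (sorting results by status code and reporting only newly found paths, as anew does) can be shown in a few lines of Python. This is an added example, not part of the Trickest workflow: it assumes ffuf was run with JSON output so that each entry under `results` carries `url` and `status`, and the hosts, sample data and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an ffuf JSON report; hosts are placeholders.
SAMPLE_FFUF_JSON = json.dumps({
    "results": [
        {"input": {"FUZZ": ".env"}, "status": 200, "length": 412,
         "url": "https://app.example.test/.env", "host": "app.example.test"},
        {"input": {"FUZZ": "admin"}, "status": 403, "length": 153,
         "url": "https://app.example.test/admin", "host": "app.example.test"},
        {"input": {"FUZZ": "backup"}, "status": 301, "length": 0,
         "url": "https://shop.example.test/backup", "host": "shop.example.test"},
        {"input": {"FUZZ": "admin"}, "status": 403, "length": 153,
         "url": "https://shop.example.test/admin", "host": "shop.example.test"},
    ]
})


def group_by_status(report_text):
    """Return {status: sorted list of unique URLs} from one ffuf JSON report."""
    grouped = defaultdict(set)
    for hit in json.loads(report_text).get("results", []):
        url, status = hit.get("url"), hit.get("status")
        if url and isinstance(status, int):  # skip malformed entries
            grouped[status].add(url)
    return {status: sorted(urls) for status, urls in sorted(grouped.items())}


def only_new(grouped, seen):
    """anew-style filter: return 'status url' lines not in `seen`, and record them."""
    fresh = []
    for status, urls in grouped.items():
        for url in urls:
            line = f"{status} {url}"
            if line not in seen:
                seen.add(line)
                fresh.append(line)
    return fresh


if __name__ == "__main__":
    # Constructed: one finding already reported by an earlier run.
    seen = {"403 https://app.example.test/admin"}
    for line in only_new(group_by_status(SAMPLE_FFUF_JSON), seen):
        print(line)  # these are the lines a notification step would send
```

Persisting `seen` between scheduled runs (for example as a text file of one line per finding) is what keeps repeat findings out of the notifications.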