How to find hidden directories and files in any website

Learn How to Discover Hidden Files and directories in any website Find .zip , php, .rar files in any website without zero programming knowledge So learn How to Find Hidden Files and Directories 

About this tool

The URL Fuzzer can be used to find hidden files and directories on a web server by fuzzing.

This is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).
Since 'security by obscurity' is not a good practice, we can often find senitive information in the hidden locations identified by the URL Fuzzer.

Parameters

Base URL: This is the URL on the target server that will be fuzzed. All the requests will be done by using this value as base URL
Search for directories: If selected, the tool will search for directories located at the base URL
Search for files: If selected, the tool will search for files located at the base URL. You can specify the file extension that you want to search, including double extensions (ex. .php.old, .jsp.bak, .tgz, etc)


How it works

The URL Fuzzer uses a custom built wordlist for discovering hidden files and directories. The wordlist contains more than 1000 common names of known files and directories. For each WORD in the wordlist, it will make an HTTP request to: Base_URL/WORD/ or to Base_URL/WORD.EXT in case you chose to fuzz a certain EXTension.

The files and directories that are found, are returned together with their HTTP response code.

Add your comment Hide comment