Description
This plugin tries to find new URLs by changing the numbers present in a URL. Two configurable parameters exist:
- fuzzImages
- maxDigitSections
An example will clarify what this plugin does. Suppose that the input for this plugin is:
- http://host.tld/index1.asp
This plugin will request:
- http://host.tld/index0.asp
- http://host.tld/index2.asp
If the response for a newly generated URL is not a 404 error, then the new URL is a valid one that can contain more information and injection points.
Plugin type
Options
| Name | Type | Default Value | Description | Help |
| --- | --- | --- | --- | --- |
| fuzzImages | boolean | False | Apply URL fuzzing to all URLs, including images, videos, zip, etc. | It’s safe to leave this option as the default. |
| maxDigitSections | integer | 4 | Set the maximum number of digit sections to fuzz | It’s safe to leave this option as the default. For example, with maxDigitSections = 1, this string won’t be fuzzed: abc123def234; but this one will: abc23ldd. |
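
The digit-changing step and the two options described above, as an added Python example (not the plugin's own source). The names `digit_variants`, `candidate_urls` and `BINARY_EXTENSIONS` are hypothetical, and the example assumes that only the file name is fuzzed, that negative numbers are skipped, that zero padding is kept, and that the extension list below stands in for "images, videos, zip, etc.".

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed stand-in for "images, videos, zip, etc."; the page gives no list.
BINARY_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "mp4", "avi", "zip", "pdf"}


def digit_variants(text, max_digit_sections=4):
    """Return copies of text with each digit section changed by -1 and +1."""
    parts = re.split(r"(\d+)", text)  # odd indexes hold the digit sections
    digit_indexes = range(1, len(parts), 2)
    if len(digit_indexes) > max_digit_sections:
        return []  # too many digit sections: leave the string alone
    variants = []
    for i in digit_indexes:
        original = parts[i]
        for delta in (-1, 1):
            value = int(original) + delta
            if value < 0:
                continue  # choice made here: never emit negative numbers
            text_value = str(value)
            if original.startswith("0"):
                # choice made here: keep zero padding (007 -> 006 and 008)
                text_value = text_value.zfill(len(original))
            parts[i] = text_value
            variants.append("".join(parts))
        parts[i] = original  # restore before moving to the next section
    return variants


def candidate_urls(url, fuzz_images=False, max_digit_sections=4):
    """Build neighbouring URLs by fuzzing digits in the file name only."""
    scheme, netloc, path, query, fragment = urlsplit(url)
    directory, _, filename = path.rpartition("/")
    extension = filename.rpartition(".")[2].lower() if "." in filename else ""
    if extension in BINARY_EXTENSIONS and not fuzz_images:
        return []  # default behaviour: binary content is not fuzzed
    return [
        urlunsplit((scheme, netloc, directory + "/" + name, query, fragment))
        for name in digit_variants(filename, max_digit_sections)
    ]


if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL used in the description.
    for sample in ("http://host.tld/index1.asp", "http://host.tld/img007.png"):
        print(sample, "->", candidate_urls(sample))
```

Each returned URL is only a candidate: as the description says, it counts as a new resource only when the server answers with something other than a 404.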
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.