This plugin will try to find new URL’s based on the input. If the input is for example:

  • http://a/a.html

The plugin will request:

  • http://a/a.html.tgz
  • http://a/a.tgz
  • http://a/
  • … etc

If the response is different from the 404 page (whatever it may be, automatic detection is performed), then we have found a new URL. This plugin searches for backup files, source code, and other common extensions. One configurable parameter exist:

  • fuzz_images

Plugin type



Name Type Default Value Description Help
fuzz_images boolean False Apply URL fuzzing to all URLs, including images, videos, zip, etc. Don’t change this unless you read the plugin code.


For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
github-logoPlugin source code
Unittest source code


This plugin depends on infrastructure.allowed_methods.