
Advance Directory Fuzzing And Subdomain Takeover Using FFUF And HostileSubBruteforcer

Hello all,

I hope you are all well. This is my 4th blog post on advanced bug bounty tips and tricks. Today's topic is advanced directory fuzzing and subdomain takeover, so let's start.

Subdomain takeover

We will use the tool HostileSubBruteforcer to look for subdomain takeover: a subdomain whose DNS record (usually a CNAME) still points at a third-party service such as Heroku or GitHub Pages, but the resource it pointed to has been deleted or was never claimed. Anyone who registers that resource at the provider can then serve content on the victim's subdomain.

This app will bruteforce for existing subdomains and provide the following information:

  • IP address
  • Host
  • whether the 3rd-party host has been properly set up (for example, if site.example.com is pointing to a non-existent Heroku subdomain, it will alert you). Currently only works with AWS, GitHub, Heroku, Shopify, Tumblr and Squarespace.

There may be some false positives depending on the host configuration (the author tried to take them out as much as possible), so confirm every hit by hand before reporting it. At the end it also works recursively to find subdomains under the ones it has already found, and dumps all your data into an output.txt file just in case (a fresh one gets created at the beginning of each run).

Tool link :- https://github.com/nahamsec/HostileSubBruteforcer

How to install it

  1. git clone https://github.com/nahamsec/HostileSubBruteforcer

  2. cd HostileSubBruteforcer

  3. ruby sub_brute.rb --fast

The tool is a Ruby script, so Ruby must be installed first; the --fast switch is written with two dashes.
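The check HostileSubBruteforcer performs (a CNAME that lands on a supported provider where the resource is unclaimed) as an added Python example. This is not the tool's code: the provider suffixes and error-page fingerprints in the table are assumptions for illustration and should be verified against each provider's current "unclaimed resource" page, and the sample observations are constructed so the script runs offline. On a real target you would fill each Observation from dig +short CNAME host and curl -sk https://host.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed provider table (illustrative, not from the tool): CNAME suffix, provider,
# and the fingerprint served for an UNCLAIMED resource. None means the provider
# gives itself away only by NXDOMAIN on the CNAME target, not by a page.
PROVIDERS = [
    (".amazonaws.com",        "AWS S3",                re.compile(r"NoSuchBucket")),
    (".elasticbeanstalk.com", "AWS Elastic Beanstalk", None),
    (".github.io",            "GitHub Pages",          re.compile(r"There isn't a GitHub Pages site here")),
    (".herokuapp.com",        "Heroku",                re.compile(r"No such app", re.I)),
    (".myshopify.com",        "Shopify",               re.compile(r"Sorry, this shop is currently unavailable", re.I)),
    (".domains.tumblr.com",   "Tumblr",                re.compile(r"There's nothing here", re.I)),
]


@dataclass(frozen=True)
class Observation:
    """What you collect per host with dig/curl (constructed here, offline)."""
    host: str
    cname: Optional[str]   # CNAME target, or None when the host only has A/AAAA records
    target_resolves: bool  # does the CNAME target itself resolve (False == NXDOMAIN)
    body: str              # HTTP response body fetched for host


def match_provider(cname: Optional[str]):
    """Return (provider, fingerprint) if the CNAME lands on a provider in the table."""
    if not cname:
        return None
    name = cname.rstrip(".").lower()
    for suffix, provider, fingerprint in PROVIDERS:
        if name.endswith(suffix):
            return provider, fingerprint
    return None


def classify(obs: Observation):
    """Return (verdict, reason). A 'candidate' still needs manual verification:
    requiring BOTH the provider CNAME and the unclaimed fingerprint (or NXDOMAIN)
    is what keeps generic 404 pages from showing up as false positives."""
    hit = match_provider(obs.cname)
    if hit is None:
        return "not-third-party", "no CNAME to a provider in the table"
    provider, fingerprint = hit
    if not obs.target_resolves:
        return "candidate", f"{provider}: CNAME target does not resolve (dangling record)"
    if fingerprint is not None and fingerprint.search(obs.body):
        return "candidate", f"{provider}: unclaimed-resource page served"
    return "configured", f"{provider}: resource appears to be claimed"


def candidates(observations):
    """Reduce a batch to the hosts worth a manual takeover check."""
    return [(o.host, classify(o)[1]) for o in observations if classify(o)[0] == "candidate"]


# Constructed sample data; bodies are shortened stand-ins for real provider pages.
SAMPLE = [
    Observation("blog.example.com", "example-blog.github.io.", True,
                "<title>Site not found</title>There isn't a GitHub Pages site here."),
    Observation("app.example.com", "old-app.herokuapp.com.", True,
                "<title>No such app</title>"),
    Observation("shop.example.com", "shop-example.myshopify.com.", True,
                "<html>Welcome to our store</html>"),
    Observation("www.example.com", None, True, "<html>hello</html>"),
    Observation("files.example.com", "assets-example.s3.amazonaws.com.", True,
                "<Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message>"),
    Observation("dev.example.com", "dev-env.us-east-1.elasticbeanstalk.com.", False, ""),
]

if __name__ == "__main__":
    for host, reason in candidates(SAMPLE):
        print(f"[candidate] {host}: {reason}")
```

The two verdict paths mirror the two ways a dangling record shows up in practice: a provider that answers for any hostname but serves its "nothing claimed" page, and a provider whose unclaimed names simply stop resolving.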

Directory Fuzzing Using FFUF

Install :- 

  • Download a prebuilt binary from the releases page, unpack and run!

    or

  • If you have a recent Go compiler installed: go install github.com/ffuf/ffuf/v2@latest (the same command updates an existing install). The older go get -u github.com/ffuf/ffuf form found in many write-ups no longer installs binaries on Go 1.18 and later.

    or

  • git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build

Ffuf depends on Go 1.13 or greater (current releases need a newer Go; check the project README for the exact version).

usage : ffuf -w /path/to/wordlist -u https://target/FUZZ

FUZZ is the keyword that ffuf replaces with each entry from the wordlist. On a real target, narrow the output with -mc (match status codes), -fc/-fs/-fw (filter by status code, response size or word count) or -ac (auto-calibrate the filters against random paths), otherwise a catch-all page that returns 200 for every path will flood the results.

 

Now let's enumerate the subdomains, keep only the live web hosts, and fuzz every one of them in a single pipeline:

findomain -t example.com | sed 's/^\*\.//' | httpx -silent -threads 10 | xargs -I@ sh -c 'ffuf -w path.txt -u @/FUZZ -mc 200'

findomain enumerates the subdomains, sed strips a wildcard "*." prefix from any name that has one, httpx keeps only the hosts that answer over HTTP(S) and prints each as a URL with its scheme, and xargs hands every URL to ffuf in turn, substituting it for @ in the -u argument. -mc 200 shows only 200 responses; add -ac or a -fs/-fw filter when a host serves the same page for every path. This automates the directory fuzzing step across the whole subdomain set.
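The same pipeline as a small Python driver, added here as an example and not taken from findomain, httpx or ffuf. It cleans the enumerated host list the way the sed step intends (wildcard labels, trailing dots, case, duplicates) and builds one ffuf command per live URL with a per-host JSON output file, auto-calibration and a rate limit, which the one-liner does not give you. The function names, the out/ directory and the paths.txt wordlist are my choices, and the host lines in the usage are constructed; the ffuf flags used (-s, -w, -u, -mc, -ac, -rate, -t, -o, -of) are real ffuf options.

```python
import os
import re
import subprocess
import sys
from urllib.parse import urlparse


def normalize_hosts(lines):
    """Clean raw subdomain-enumeration output: lower-case, strip whitespace,
    trailing dots and any number of leading wildcard '*.' labels, and drop
    blanks and duplicates while keeping the original order."""
    seen, out = set(), []
    for raw in lines:
        host = raw.strip().lower().rstrip(".")
        while host.startswith("*."):
            host = host[2:]
        if host and host not in seen:
            seen.add(host)
            out.append(host)
    return out


def output_path(url, outdir):
    """One result file per target so hits are not mixed across hosts, e.g.
    https://api.example.com:8443 -> outdir/https_api.example.com_8443.json"""
    parsed = urlparse(url)
    safe = re.sub(r"[^a-z0-9.-]", "_", f"{parsed.scheme}_{parsed.netloc}".lower())
    return os.path.join(outdir, safe + ".json")


def ffuf_argv(url, wordlist, outdir, codes="200,204,301,302,307,401,403,405",
              rate=50, threads=10):
    """Build the ffuf command for one live URL as printed by httpx.
    -ac auto-calibrates filters so a catch-all page does not flood the output;
    -rate and -t keep the request load on the target modest."""
    return [
        "ffuf", "-s",
        "-w", wordlist,
        "-u", url.rstrip("/") + "/FUZZ",
        "-mc", codes,
        "-ac",
        "-rate", str(rate),
        "-t", str(threads),
        "-o", output_path(url, outdir),
        "-of", "json",
    ]


def fuzz_all(urls, wordlist, outdir, runner=subprocess.run):
    """Run ffuf once per URL and return the argv lists that were launched.
    `runner` is injectable so the logic can be exercised without ffuf installed."""
    launched = []
    for url in urls:
        argv = ffuf_argv(url, wordlist, outdir)
        runner(argv, check=False)
        launched.append(argv)
    return launched


if __name__ == "__main__":
    # Two stages so httpx can sit between them, exactly as in the one-liner:
    #   findomain -t example.com | python3 fuzz_hosts.py hosts \
    #     | httpx -silent -threads 10 | python3 fuzz_hosts.py fuzz paths.txt out
    if len(sys.argv) < 2 or sys.argv[1] not in ("hosts", "fuzz"):
        sys.exit("usage: fuzz_hosts.py hosts | fuzz WORDLIST OUTDIR")
    if sys.argv[1] == "hosts":
        print("\n".join(normalize_hosts(sys.stdin)))
    else:
        wordlist, outdir = sys.argv[2], sys.argv[3]
        os.makedirs(outdir, exist_ok=True)
        fuzz_all([line.strip() for line in sys.stdin if line.strip()], wordlist, outdir)
```

Keeping the liveness check in httpx rather than reimplementing it means the driver only ever fuzzes hosts that actually answered, and the per-host JSON files can be diffed between runs to spot newly exposed paths.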

 
Thanks For Reading 
