```bash
cd /usr/share/seclists/Passwords/
sudo tar -xzvf rockyou.txt.tar.gz
```

| File | Use |
|------|-----|
| Usernames/top-usernames-shortlist.txt | Quick user enum |
| Usernames/xato-net-10-million-usernames.txt | Massive username list |

Parameter Discovery

| File | Use |
|------|-----|
| Discovery/Web_Parameters/parameters.txt | Common parameter names |
| Discovery/Web_Parameters/param_mini.txt | Small, fast list |

```bash
ffuf -u http://example.com -H "Host: FUZZ.example.com" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
```

| File | Use |
|------|-----|
| Fuzzing/sql-injection.txt | SQLi payloads |
| Fuzzing/XSS.txt | XSS vectors |
| Fuzzing/LFI/LFI-graceful.txt | Local file inclusion |
| Fuzzing/XXE/xxe-injection.txt | XXE payloads |
| Fuzzing/command-injection.txt | OS command injection |

Happy hunting.