# Fuzzing

## WFUZZ Unknown Directory

* Find 'secret.py' in an Unknown Directory
* **404** is the 'error' page we'll get when its legit
* Use 'FUZZ' as the Target path
* Wordlists:
  * /usr/share/wfuzz/wordlist/general/big.txt
  * /opt/wfuzz/wordlist/general/big.txt

```
wfuzz -w big.txt --hc '404' -u http://10.x.x.x/FUZZ/secret.py
```

## More:

* [Hydra/Bruteforcing](https://pentest.mxhx.org/05-passwords-ciphers/hydra)
* [Fuzzing-LFI-Burp](https://pentest.mxhx.org/04-webapps/lfi#fuzzing-lfi)