// PHASE 2 · Directory & File Discovery

Directory & File Discovery

Many sensitive files and directories are not linked from the main page but are still accessible. Fuzzing helps find these hidden assets.

Main Tools

1. ffuf (Fuzz Faster U Fool): Most Popular

# Basic directory fuzzing
ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

# Filter by status code
ffuf -u https://target.com/FUZZ -w wordlist.txt -mc 200,301,302

# Fuzzing parameters
ffuf -u "https://target.com/page?FUZZ=value" -w params.txt

# Fuzzing with extensions
ffuf -u https://target.com/FUZZ -w wordlist.txt -e .php,.bak,.old,.txt

2. Gobuster

gobuster dir -u https://target.com -w wordlist.txt -x php,html,txt

3. Dirsearch

dirsearch -u https://target.com -e php,html,js,txt,bak

Best Wordlists

Wordlist                            Size     Use Case
common.txt                          ~4k      Quick scan
directory-list-2.3-medium.txt       ~220k    Standard scan
SecLists/Discovery/Web-Content/     Varies   Comprehensive
raft-large-directories.txt          ~62k     Directories only

Commonly Found Sensitive Files

# Config files
/.env ← DB credentials, API keys!
/config.php
/wp-config.php
/database.yml

# Backup files
/backup.zip
/db_backup.sql
/index.php.bak

# Admin panels
/admin/
/administrator/
/phpmyadmin/
/wp-admin/

# Git exposure
/.git/config ← Source code leak!
/.git/HEAD

High value target: An exposed .env file can contain database credentials, API keys (AWS, Stripe, SendGrid), and secret keys. This is often rated Critical in bug bounty programs!
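
From the defender's side, the same list can drive log monitoring. The following is an added example, not part of the original page: it reads access log lines in Common Log Format, flags clients with many 404 responses as possible fuzzing, and reports any config, backup or Git path from the list above that was served with a 2xx status. The threshold, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Config, backup and Git paths taken from the list on this page.
# Admin panels are left out because they are often served on purpose.
SENSITIVE = {"/.env", "/config.php", "/wp-config.php", "/database.yml",
             "/backup.zip", "/db_backup.sql", "/index.php.bak",
             "/.git/config", "/.git/HEAD"}
# Common Log Format: client, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
MISS_THRESHOLD = 5  # assumed tuning value: 404s per client before flagging

def analyze(lines, miss_threshold=MISS_THRESHOLD):
    """Return (clients that look like fuzzers, 2xx hits on sensitive paths)."""
    misses, exposed = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if status == "404":
            misses[client] += 1
        elif status.startswith("2") and path in SENSITIVE:
            exposed.append((client, path))
    fuzzers = sorted(c for c, n in misses.items() if n >= miss_threshold)
    return fuzzers, exposed

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    ts = "[10/Jan/2025:12:00:00 +0000]"
    guesses = ["/admin1", "/old", "/test", "/backup.zip", "/index.php.bak", "/tmp"]
    log = [f'203.0.113.7 - - {ts} "GET {p} HTTP/1.1" 404 153' for p in guesses]
    log.append(f'203.0.113.7 - - {ts} "GET /.env HTTP/1.1" 200 512')
    log.append(f'198.51.100.4 - - {ts} "GET /index.php HTTP/1.1" 200 2048')
    log.append(f'198.51.100.4 - - {ts} "GET /favicon.ico HTTP/1.1" 404 153')
    return log

if __name__ == "__main__":
    fuzzers, exposed = analyze(sample_log())
    print("possible fuzzing clients:", fuzzers)
    print("sensitive files served:", exposed)
```

A 2xx hit on one of these paths is the finding to act on first: remove the file from the web root or block it at the server, then rotate any secrets it contained.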
// COMPREHENSION CHECK
Why is an exposed .env file on the public web considered Critical severity?
A. Because it contains web server configuration
B. It contains database credentials, API keys, and sensitive secret keys
C. It contains the application's complete source code
D. It stores application error logs