URL Fuzzer

Find Hidden Files and Directories on A Website 

Find Hidden Files and Directories on A Website 

Contents of the Report

Here is what you can expect in Scantrics’ URL Fuzzer report:
  • Identified files and directories
  • The HTTP response code for each file
URL Fuzzer Scanner

Use Cases for URL Fuzzer

Using the URL Fuzzer, you might be able to find out some hidden files and directories that you never knew before – some of them might be hidden functionalities of your web applications. More information can be discovered and even some vulnerabilities with this tool.
Sensitive information such as environment variables, configuration files, credentials, database files, SSH key pairs, or even your Git repositories may be unintentionally exposed to the public. Use the URL Fuzzer to uncover them and take appropriate action on the server side so that access to these files can be secured and blocked.

Your web server might be improperly configured to protect from web attacks. By using the URL Fuzzer, you can verify whether proper security measures have been put in place to prevent external parties from accessing something that they should not have access to.

Technical Details

Sometimes the web server administrator does not even know what is in the server itself and actually accessible from the outside world. Many organizations do not have adequate security measures to restrict what is or is not publicly accessible on their websites.

This unintentionally leaves sensitive information unprotected and free to be leaked to the public. Fuzz testing, or Fuzzing as it is also known, is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).

Running the fuzz tests with the URL Fuzzer can help you discover hidden files or find hidden directories that contain sensitive information.

How it works?

How it works

To discover hidden files and discoveries, the URL Fuzzer uses a custom-built wordlist. The wordlist contains more than 1,000 common names of known files and directories to run the fuzz test. An HTTP request to the target will be made with every word in the wordlist.

When the results for files and directories are generated in the report, the corresponding HTTP response codes and the page sizes are also returned together.

This tool is configurable with the option to scan configuration files, source code files, compressed or archived files, database files, log files, and more. Custom file extensions can be also specified if you have special requirements. For more powerful search, mutation can be also enabled to find other related resources.

Explore More of Our Tools

TCP Port Scanner

TCP Port Scanner

Check any open TCP Port on your server
Run Scan
UDP Port Scanner

UDP Port Scanner

Check any open UDP Port on your server
Run Scan
Virtual Host Checker

Virtual Host Checker

Check virtual hosts residing in the IP Address
Run Scan
Subdomain Scanner

Subdomain Finder

Find any associated subdomians in your organization
Run Scan
Drupal Scanner

Drupal Scanner

Scan and check your Drupal Website Vulnerability and Configuration
Run Scan
Network Vulnerability

Network Vulnerability Scanner

Run Network Assessment On Your Infrastructure
Run Scan
XSS Scanner

XSS Scanner

Find out for any XSS Vulnerability in Your Website
Run Scan
Website Scanner

Website Scanner

Check for any vulnerability in your website
Run Scan
Wordpress Scanner

WordPress Scanner

Run Vulnerability Scan For Your WordPress Website
Run Scan
SQLi Scanner

SQLi Scanner

Scan and Find Out SQL Injection Flaw In Your Database
Run Scan