URL Fuzzer
Find Hidden Files and Directories on A Website
Full Scan
Full Scan might take 1 – 2 hours to complete. Please insert ONLY corporate emails to continue the full scan features and receive the report. (Free email providers such as Gmail, Yahoo would not be accepted)
Are you sure want to stop scanning?
You will not get any report once the scan is stopped.
Find Hidden Files and Directories on A Website
Contents of the Report
- Identified files and directories
- The HTTP response code for each file

Use Cases for URL Fuzzer
Your web server might be improperly configured to protect from web attacks. By using the URL Fuzzer, you can verify whether proper security measures have been put in place to prevent external parties from accessing something that they should not have access to.
Technical Details
Sometimes the web server administrator does not even know what is in the server itself and actually accessible from the outside world. Many organizations do not have adequate security measures to restrict what is or is not publicly accessible on their websites.
This unintentionally leaves sensitive information unprotected and free to be leaked to the public. Fuzz testing, or Fuzzing as it is also known, is a discovery activity which allows you to discover resources that were not meant to be publicly accessible (ex. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).
Running the fuzz tests with the URL Fuzzer can help you discover hidden files or find hidden directories that contain sensitive information.
How it works?
To discover hidden files and discoveries, the URL Fuzzer uses a custom-built wordlist. The wordlist contains more than 1,000 common names of known files and directories to run the fuzz test. An HTTP request to the target will be made with every word in the wordlist.
When the results for files and directories are generated in the report, the corresponding HTTP response codes and the page sizes are also returned together.
This tool is configurable with the option to scan configuration files, source code files, compressed or archived files, database files, log files, and more. Custom file extensions can be also specified if you have special requirements. For more powerful search, mutation can be also enabled to find other related resources.