ProjectDiscovery
Content-Discovery Template for workflows #5499
Replies: 3 comments 1 reply
-
|
Hey @ph-hitachi ! Thanks for the question - I don't have any samples off the top of my head, @dwisiswant0 do we know of any related templates? |
Beta Was this translation helpful? Give feedback.
-
|
We already have a template for conducting a dynamic analysis under |
Beta Was this translation helpful? Give feedback.
-
|
yup, and its great but i'm looking for content-discovery (directory, page, parameters) template uses wordlist payload where i can pipe it into already existing |
Beta Was this translation helpful? Give feedback.
-
|
Hi @dwisiswant0, im looking for something like this id: hidden-parameter-discovery-dynamic
info:
name: Hidden Parameter Discovery with Dynamic Path and Query Fuzzing
author: ph-hitachi
severity: info
tags: fuzzing, parameter-discovery
requests:
- method: GET
path:
- "{{BaseURL}}FUZZ"
headers:
User-Agent: Nuclei
matchers:
- type: status
status:
- 200
- 301
- 302
- 403
- 401
- type: size
part: body
condition: ">="
value: 10
- type: size
part: body
condition: "<="
value: 100
payloads:
FUZZ:
- "?FUZZ=value"
- "&FUZZ=value"
FUZZ_VALUES:
- "id"
- "user"
- "admin"
- "token"
- "auth"
- "password"
- "email"
- "action"
- "type"
- "debug"
- "test"
# Rate limiting to prevent overwhelming the target server
max-redirects: 2
max-reqs-per-host: 5Initial Request: A baseline request is sent without any parameters, and the size of the response is noted. Detection Logic:
|
Beta Was this translation helpful? Give feedback.
-
Hi,
im looking for content-discovery template like finding directory, page, parameters including hidden ones im aware that there so many tools as good for this but my goal is to create a workflows template where we can combine dast/fuzz template. can anyone provide samples for this?
Beta Was this translation helpful? Give feedback.
All reactions