I recommend using skipfish:
The excerpt below is taken from ./skipfish/doc/dictionaries.txt
(it is better to read the whole document):
"The basic dictionary-dependent modes you should be aware of (in order of the
associated request cost):
1) Orderly crawl with no DirBuster-like brute-force at all. In this mode, the
scanner will not discover non-linked resources such as /admin,
/index.php.old, etc:
$ ./skipfish -W- -L [...other options...]
This mode is very fast, but NOT recommended for general use because
the lack of dictionary bruteforcing will limit the coverage. Use
only where absolutely necessary.
2) Orderly scan with minimal extension brute-force. In this mode, the scanner
will not discover resources such as /admin, but will discover cases such as
/index.php.old (once index.php itself is spotted during an orderly crawl):
$ touch new_dict.wl
$ ./skipfish -S dictionaries/extensions-only.wl -W new_dict.wl -Y [...other options...]
This method is only slightly more request-intensive than #1, and therefore,
is a marginally better alternative in cases where time is of the essence. It's
still not recommended for most uses. The cost is about 100 requests per
fuzzed location.
3) Directory OR extension brute-force only. In this mode, the scanner will only
try fuzzing the file name, or the extension, at any given time - but will
not try every possible ${filename}.${extension} pair from the dictionary.
$ touch new_dict.wl
$ ./skipfish -S dictionaries/complete.wl -W new_dict.wl -Y [...other options...]
This method has a cost of about 2,000 requests per fuzzed location, and is
recommended for rapid assessments, especially when working with slow
servers or very large services.
4) Normal dictionary fuzzing. In this mode, every ${filename}.${extension}
pair will be attempted. This mode is significantly slower, but offers
superior coverage, and should be your starting point."
For more dictionaries, see fuzzdb. In particular, the files in:
fuzzdb-1.09/Discovery/FilenameBruteforce
fuzzdb-1.09/Discovery/PredictableRes
Another: Better WordLists for forced browsing