Kali Seclists //top\\ -

gobuster dir -u http://target.com -w /usr/share/seclists/Discovery/Web_Content/directory-list-2.3-medium.txt -t 50 You are hunting for subdomains of example.com .

sudo apt install seclists cd /usr/share/seclists/ ls -la Then, go find something critical before the bad guys do. Have a favorite SecLists wordlist I missed? Drop it in the comments below! kali seclists

Yes, you could sit and manually guess directory names or subdomains. Or, you could unleash —the most comprehensive collection of wordlists available on Kali Linux. gobuster dir -u http://target

sudo apt update sudo apt install seclists -y After installation, everything is stored in: /usr/share/seclists/ kali seclists

ffuf -u http://example.com -H "Host: FUZZ.example.com" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -fc 400 You found a URL endpoint http://site.com/page.php?id=1 . You want to see if page.php accepts other parameters.