Web Discovery

Options	Commands	Description
`-u`	`gobuster dir -u $url -w wordlist.txt`	Discover directories and files using Gobuster
`-x`	`gobuster dir -u $url -w wordlist.txt -x php,html,txt`	Discover files with specific extensions
`-t`	`gobuster dir -u $url -w wordlist.txt -t 50`	Set the number of threads (e.g., 50) for faster discovery
`-r`	`ffuf -u $url/FUZZ -w wordlist.txt -r`	Recursively fuzz directories using FFUF
`-e`	`ffuf -u $url/FUZZ -w wordlist.txt -e .php,.html,.js`	Discover files with specific extensions using FFUF
`--hc 404`	`ffuf -u $url/FUZZ -w wordlist.txt --hc 404`	Hide responses with specific status codes (e.g., 404)
`-d 2`	`dirb $url wordlist.txt -r -d 2`	Recursively discover directories with a depth of 2

Options	Commands	Description
`-d`	`gobuster dns -d $domain -w subdomains.txt`	Discover subdomains using Gobuster
`-t`	`gobuster dns -d $domain -w subdomains.txt -t 50`	Set the number of threads (e.g., 50) for faster subdomain discovery
`--ac`	`ffuf -w subdomains.txt:FUZZ -u http://FUZZ.$domain/ --ac`	Automatically calibrate filtering in FFUF
	`subfinder -d $domain`	Discover subdomains using Subfinder
`-o`	`amass enum -d $domain -o subdomains.txt`	Enumerate and save discovered subdomains to a file using Amass
	`assetfinder --subs-only $domain`	Quickly discover subdomains using Assetfinder

Options	Commands	Description
`-u`	`ffuf -u $url/FUZZ -w parameters.txt`	Fuzz for hidden parameters using FFUF
`-X POST`	`ffuf -u $url -X POST -d "FUZZ=test" -w parameters.txt`	Fuzz POST parameters using FFUF
`-e`	`ffuf -u $url/FUZZ -w wordlist.txt -e .php,.html`	Fuzz for hidden files with extensions using FFUF
`-mc 200`	`ffuf -u $url/FUZZ -w wordlist.txt -mc 200`	Show only successful responses (e.g., status code 200)
`-r`	`wfuzz -c -z file,wordlist.txt -z file,extensions.txt --hc 404 $url/FUZZ.FUZ2Z`	Fuzz for files with extensions using Wfuzz

Options	Commands	Description
`-r`	`ffuf -u $url/FUZZ -w wordlist.txt -r`	Perform recursive directory and file discovery using FFUF
`-t`	`gobuster dir -u $url -w wordlist.txt -t 50`	Use Gobuster with multiple threads for faster web discovery
`-c`	`wfuzz -c -z file,wordlist.txt --hc 404 $url/FUZZ`	Fuzz with Wfuzz, showing only relevant results
`-u`	`gobuster dns -d $domain -w subdomains.txt`	Discover subdomains using Gobuster
`-X`	`ffuf -u $url/FUZZ -X POST -d "FUZZ=test" -w parameters.txt`	Fuzz POST requests for hidden parameters using FFUF