I was hunting on my primary payment app back in January 2025, and at that time I didn't have much knowledge of recon, so I started with very basic things. As you read this blog you'll see how this small discovery led to a big discovery.
I started by selecting a subdomain of my target and ran a very simple recon tool, waybackurls, to get the history of my targeted subdomain:
waybackurls subdomain.com | anew waybacksubs.txt
From the waybackurls data I got a lot of .png, .jpeg and .js files and broken directories.
I started clicking those image files and broken links to find sensitive directories and any unauthorized page.
After some time, I realized this subdomain was only used for storing static files.
I started with general sensitive directories, which included:
admin,documents,logs,private
Then I moved on to target-specific sensitive directories, which included:
report,payment,transaction,merchant
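The steps above (collect archived URLs, de-duplicate them, sort them by file type, and check the directory names against a keyword list) can be scripted so that a bug hunter, or the owner of the static host reviewing their own exposure, can see at a glance which archived paths match sensitive names. The script below is an added example, not code from the original post or from the waybackurls/anew tools; the sample URL list is constructed and the host static.example.com is a placeholder. It reproduces the two keyword lists given in the post and treats a keyword as matching when a path segment starts with it, so "report" also catches a /reports directory.

```python
import os
from collections import Counter
from urllib.parse import urlparse

# Constructed sample of waybackurls-style output; not data from the post.
# One duplicate line is included on purpose to show what `anew`-style dedup does.
SAMPLE_WAYBACK = """\
https://static.example.com/assets/logo.png
https://static.example.com/assets/banner.jpeg
https://static.example.com/js/app.min.js?v=3
https://static.example.com/documents/invoice-template.pdf
https://static.example.com/reports/2024/q1.csv
https://static.example.com/merchant/onboarding.html
https://static.example.com/assets/logo.png
http://static.example.com/private/
https://static.example.com/payment/receipt.png
"""

# The two keyword lists from the post.
GENERAL_SENSITIVE = ("admin", "documents", "logs", "private")
TARGET_SENSITIVE = ("report", "payment", "transaction", "merchant")


def dedupe_urls(text):
    """Unique, non-empty URLs in first-seen order (what `anew` does for the output file)."""
    seen = set()
    out = []
    for line in text.splitlines():
        url = line.strip()
        if url and url not in seen:
            seen.add(url)
            out.append(url)
    return out


def count_extensions(urls):
    """Count file extensions from the path only; query strings such as ?v=3 are ignored."""
    counts = Counter()
    for url in urls:
        ext = os.path.splitext(urlparse(url).path)[1].lower().lstrip(".")
        counts[ext or "(none)"] += 1
    return counts


def directories(urls):
    """Every directory prefix referenced by the URL paths, e.g. /reports and /reports/2024."""
    dirs = set()
    for url in urls:
        path = urlparse(url).path
        segments = [s for s in path.split("/") if s]
        if segments and not path.endswith("/"):
            segments = segments[:-1]  # last segment is a file, not a directory
        for i in range(1, len(segments) + 1):
            dirs.add("/" + "/".join(segments[:i]))
    return dirs


def flag_sensitive(dirs, keywords):
    """Map each keyword to the directories with a segment starting with it ('report' -> /reports)."""
    hits = {}
    for d in sorted(dirs):
        for kw in keywords:
            if any(seg.lower().startswith(kw) for seg in d.split("/") if seg):
                hits.setdefault(kw, []).append(d)
    return hits


if __name__ == "__main__":
    urls = dedupe_urls(SAMPLE_WAYBACK)
    print(f"{len(urls)} unique URLs")
    for ext, n in count_extensions(urls).most_common():
        print(f"  .{ext}: {n}")
    dirs = directories(urls)
    print("directories:", ", ".join(sorted(dirs)))
    print("general sensitive:", flag_sensitive(dirs, GENERAL_SENSITIVE))
    print("target specific:", flag_sensitive(dirs, TARGET_SENSITIVE))
```

To run it against a real waybacksubs.txt, replace SAMPLE_WAYBACK with the file's contents; the directory list it prints is the same set of paths the post describes checking by hand, and for the host owner it doubles as a list of what public archives still reference.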