Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

recon-dir-scan

Name: Recon Dir Scan
Author: crazyMarky

// Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.

Exécuter dans Manus

$ git log --oneline --stat

stars:170

forks:16

updated:15 février 2026 à 04:25

Explorateur de fichiers

12 fichiers

SKILL.md

readonly

related-skills.json

même dépôt

pentest-report.md

from "crazyMarky/pentest-skills"

按照标准格式生成渗透测试报告，包含项目信息表、漏洞发现清单、漏洞详情（含属性表、描述、复现步骤、证据截图、修复建议）、附录（风险等级定义、CVSS说明、词汇表）。当用户要求生成渗透测试报告、安全测试报告、漏洞报告时使用此技能。严格遵循项目模板目录中的标准格式。

2026-03-06170

exploit-file-download.md

from "crazyMarky/pentest-skills"

任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞，支持路径遍历、伪协议利用、敏感文件读取。当用户需要测试文件下载功能、检测 LFI 漏洞、读取服务器敏感文件时使用此技能。

2026-03-05170

exploit-lfi.md

from "crazyMarky/pentest-skills"

本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞，支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。

2026-03-05170

exploit-file-download.md

from "crazyMarky/pentest-skills"

Arbitrary file download vulnerability detection and exploitation using path traversal techniques, bypass methods, and sensitive file discovery. Use this skill when user needs to test for file download vulnerabilities, path traversal, or read sensitive files on target systems.

2026-02-15170

exploit-sqli.md

from "crazyMarky/pentest-skills"

SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.

2026-02-15170

exploit-xss.md

from "crazyMarky/pentest-skills"

Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.

2026-02-15170

package.json

"author": "crazyMarky"

"repository": "crazyMarky/pentest-skills"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Analystes en sécurité de l'informationProfessions informatiques et mathématiques15-1212L4

name	recon-dir-scan
description	Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.

Directory and File Enumeration

Authorization Warning

IMPORTANT: Directory scanning without proper authorization may be detected as intrusion attempts. Always ensure you have:

Written permission from the target application owner
Defined scope of authorized testing
Legal compliance with local regulations

Prerequisites

Required tools that must be installed on your system:

ffuf - go install github.com/ffuf/ffuf@latest
gobuster - go install github.com/OJ/gobuster/v3/cmd/gobusterdir@main

Optional tools:

feroxbuster - cargo install feroxbuster
dirsearch - pip install dirsearch
dirb - Package manager installation

Quick Start

Most commonly used commands for directory enumeration:

Fast Directory Scan (ffuf)

ffuf -w wordlist.txt -u https://target.com/FUZZ

Recursive Scan with Status Codes

ffuf -w wordlist.txt -u https://target.com/FUZZ -mc 200,301,302 -recursion

Gobuster Quick Scan

gobuster dir -u https://target.com -w wordlist.txt -t 50

Common Scenarios

Scenario 1: Basic Directory Fuzzing

When you need to discover directories and files:

ffuf -w wordlist.txt -u https://target.com/FUZZ

Parameters:

-w wordlist.txt - Wordlist path
-u - Target URL with FUZZ keyword
-t - Threads (default: 40)

Example:

ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u https://target.com/FUZZ

Scenario 2: Filter by Status Code

When you only want specific HTTP status codes:

ffuf -w wordlist.txt -u https://target.com/FUZZ -mc 200,301,302,403

Status Code Filters:

Code	Meaning
200	OK (valid page)
301,302	Redirects
403	Forbidden (directory exists, no access)
401	Authentication required

Negation filter (exclude codes):

ffuf -w wordlist.txt -u https://target.com/FUZZ -mc 200,204,301,302,307,401,403 -mc 404

Scenario 3: Recursive Scanning

When you need to scan discovered directories recursively:

ffuf -w wordlist.txt -u https://target.com/FUZZ -recursion -recursion-depth 2

Parameters:

-recursion - Enable recursive scanning
-recursion-depth - Maximum depth (default: 0)

Example:

ffuf -w wordlist.txt -u https://target.com/FUZZ -recursion -recursion-depth 3

Scenario 4: File Extension Fuzzing

When searching for specific file types:

ffuf -w wordlist.txt -u https://target.com/FUZZ -X .txt

Multiple extensions:

ffuf -w wordlist.txt -u https://target.com/FUZZ -X .txt,.php,.bak,.old

Extension from wordlist:

# Format: extension:wordlist
ffuf -w extensions.txt:EXT -w words.txt:FUZZ -u https://target.com/FUZZ.EXT

Scenario 5: Hidden File Discovery

When looking for backup, config, or hidden files:

# Hidden dotfiles
ffuf -w hidden_files.txt -u https://target.com/FUZZ

# Backup files
ffuf -w wordlist.txt -u https://target.com/FUZZ -X .bak,.backup,.old,.tmp,.swp

# Config files
ffuf -w config_files.txt -u https://target.com/FUZZ

Common hidden files to check:

.git
.env
.env.local
.env.backup
config.php.bak
wp-config.php.bak
.gitignore
.htaccess

Scenario 6: Virtual Host Discovery

When testing for virtual host routing:

ffuf -w vhosts.txt -u https://target.com -H "Host: FUZZ.target.com"

Parameters:

-H - Add custom header
FUZZ in header value - Replaced by wordlist entries

Example:

ffuf -w subdomains.txt -u http://192.168.1.100 -H "Host: FUZZ.example.com"

Scenario 7: API Endpoint Discovery

When enumerating API endpoints:

ffuf -w api_endpoints.txt -u https://target.com/api/FUZZ

Common API patterns:

/api/v1/FUZZ
/api/v2/FUZZ
/graphql
/api/graphql
/rest/FUZZ

With HTTP methods:

ffuf -w endpoints.txt -u https://target.com/api/FUZZ -X GET,POST,PUT,DELETE

Scenario 8: Parameter Fuzzing

When discovering hidden parameters:

ffuf -w params.txt -u https://target.com/page?FUZZ=test

Value fuzzing:

ffuf -w values.txt -u https://target.com/page?param=FUZZ

Scenario 9: Gobuster Scanning

Alternative to ffuf using gobuster:

# Basic scan
gobuster dir -u https://target.com -w wordlist.txt -t 50

# With status filtering
gobuster dir -u https://target.com -w wordlist.txt -t 50 -k --status-codes 200,301,302,403

# Recursive
gobuster dir -u https://target.com -w wordlist.txt -t 50 -r

# With extensions
gobuster dir -u https://target.com -w wordlist.txt -t 50 -x php,txt,html

Scenario 10: Feroxbuster Scanning

Modern Rust-based directory scanner:

# Basic scan
feroxbuster -u https://target.com -w wordlist.txt

# With recursion and status codes
feroxbuster -u https://target.com -w wordlist.txt -C 404 --depth 3

# Scan multiple URLs
feroxbuster -u https://target.com -u https://target2.com -w wordlist.txt

Tool Selection Guide

Scenario	Recommended Tool	Command
Quick scan	ffuf	`ffuf -w wordlist.txt -u https://target.com/FUZZ`
Recursive scan	ffuf	`ffuf -w wordlist.txt -u https://target.com/FUZZ -recursion`
Large wordlist	gobuster	`gobuster dir -u https://target.com -w wordlist.txt -t 100`
Multi-target	feroxbuster	`feroxbuster -u https://target.com -w wordlist.txt`
Hidden files	ffuf	`ffuf -w files.txt -u https://target.com/FUZZ`
API discovery	ffuf	`ffuf -w api.txt -u https://target.com/api/FUZZ`

Tool Comparison:

Tool	Language	Speed	Features	Best For
ffuf	Go	Very Fast	Highly flexible, filtering	Most scenarios
gobuster	Go	Fast	Simple, reliable	Quick scans
feroxbuster	Rust	Fast	Multi-target, recursion	Large assessments
dirsearch	Python	Medium	Built-in wordlists	Beginners

Common Wordlists

Wordlist	Size	Description	Location
common.txt	~4,600	Common dirs/files	SecLists
raft-medium-directories	~30,000	Medium coverage	SecLists
raft-large-directories	~60,000	Large coverage	SecLists
directory-list-2.3-medium	~220,000	Comprehensive	DirBuster
apache.txt	~5,000	Apache defaults	SecLists
api-endpoints.txt	~500	API discovery	Custom

SecLists paths:

/usr/share/seclists/Discovery/Web-Content/
/usr/share/seclists/Discovery/Web-Content/api/
/usr/share/seclists/Discovery/Web-Content/raft/

Advanced Techniques

Rate Limiting

Avoid detection by slowing requests:

ffuf -w wordlist.txt -u https://target.com/FUZZ -rate 100

User-Agent Rotation

ffuf -w wordlist.txt -u https://target.com/FUZZ \
  -H "User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1)"

Authentication

# Basic auth
ffuf -w wordlist.txt -u https://user:pass@target.com/FUZZ

# Header-based auth
ffuf -w wordlist.txt -u https://target.com/FUZZ \
  -H "Authorization: Bearer TOKEN"

Cookie/Session Based

ffuf -w wordlist.txt -u https://target.com/FUZZ \
  -H "Cookie: session=YOUR_SESSION_TOKEN"

Output Matching

Filter by response content:

ffuf -w wordlist.txt -u https://target.com/FUZZ \
  -mr "admin"  # Match response containing "admin"

ffuf -w wordlist.txt -u https://target.com/FUZZ \
  -ms 1520    # Match specific response size

Output Formats

Save Results

# ffuf JSON output
ffuf -w wordlist.txt -u https://target.com/FUZZ -o results.json

# ffuf plain output
ffuf -w wordlist.txt -u https://target.com/FUZZ -o results.txt

# Gobuster output
gobuster dir -u https://target.com -w wordlist.txt -o results.txt

Resume Scanning

# ffuf resume
ffuf -w wordlist.txt -u https://target.com/FUZZ -resume-ffuf

Tips and Best Practices

Start small - Use smaller wordlists first for quick wins
Filter aggressively - Use -mc to reduce noise
Check response sizes - Same size pages often indicate false positives
Verify manually - Always check interesting results manually
Rate limiting - Avoid blocking with appropriate delays
Combine wordlists - Multiple wordlists for better coverage
Check parameters - Don't forget to fuzz query parameters
Look for 403s - Forbidden responses reveal valid paths

Resources

Scripts

scripts/ffuf_results_parser.py - Parse and filter ffuf JSON results
scripts/merge_wordlists.py - Merge and deduplicate multiple wordlists
scripts/status_code_analyzer.py - Analyze response patterns

References

references/ffuf_guide.md - Comprehensive ffuf reference
references/gobuster_guide.md - Gobuster usage documentation
references/wordlist_guide.md - Wordlist selection and creation

Scenario: Persistent Storage of Directory Scan Findings

When you need to persist directory scan findings to the database:

# Manual entry after discovering directories
python .claude/skills/recon-dir-scan/scripts/dir_scan_storage.py \
  --host-ip 192.168.1.100 \
  --url "https://example.com" \
  --path "/admin" \
  --status 200 \
  --size 1234 \
  --subsystem "Web Application"

Parameters:

--host-ip - Target host IP (required)
--url - Base URL (required)
--path - Discovered path (required)
--status - HTTP status code (optional)
--size - Response size (optional)
--tool - Tool used (default: ffuf)
--subsystem - Subsystem name (optional)

Database location: ./data/results.db

Related skills: results-storage - Query data, generate reports

Assets

assets/common-dirs.txt - Common directory names
assets/common-files.txt - Common file names
assets/hidden-files.txt - Hidden and backup files
assets/api-endpoints.txt - Common API endpoints

recon-dir-scan

Plus depuis ce dépôt

Plus depuis ce dépôt

Directory and File Enumeration

Authorization Warning

Prerequisites

Quick Start

Fast Directory Scan (ffuf)

Recursive Scan with Status Codes

Gobuster Quick Scan

Common Scenarios

Scenario 1: Basic Directory Fuzzing

Scenario 2: Filter by Status Code

Scenario 3: Recursive Scanning

Scenario 4: File Extension Fuzzing

Scenario 5: Hidden File Discovery

Scenario 6: Virtual Host Discovery

Scenario 7: API Endpoint Discovery

Scenario 8: Parameter Fuzzing

Scenario 9: Gobuster Scanning

Scenario 10: Feroxbuster Scanning

Tool Selection Guide

Common Wordlists

Advanced Techniques

Rate Limiting

User-Agent Rotation

Authentication

Cookie/Session Based

Output Matching

Output Formats

Save Results

Resume Scanning

Tips and Best Practices

Resources

Scripts

References

Scenario: Persistent Storage of Directory Scan Findings

Assets

Directory and File Enumeration

Authorization Warning

Prerequisites

Quick Start

Fast Directory Scan (ffuf)

Recursive Scan with Status Codes

Gobuster Quick Scan

Common Scenarios

Scenario 1: Basic Directory Fuzzing

Scenario 2: Filter by Status Code

Scenario 3: Recursive Scanning

Scenario 4: File Extension Fuzzing

Scenario 5: Hidden File Discovery

Scenario 6: Virtual Host Discovery

Scenario 7: API Endpoint Discovery

Scenario 8: Parameter Fuzzing

Scenario 9: Gobuster Scanning

Scenario 10: Feroxbuster Scanning

Tool Selection Guide

Common Wordlists

Advanced Techniques

Rate Limiting

User-Agent Rotation

Authentication

Cookie/Session Based

Output Matching

Output Formats

Save Results

Resume Scanning

Tips and Best Practices

Resources

Scripts

References

Scenario: Persistent Storage of Directory Scan Findings

Assets