fuzzing_directories

Instructions

Implementation Reference

• src/tools/fuzzing.ts:103-154 (handler)

  Main execution logic for the fuzzing_directories tool. Configures ffuf/wfuzz for directory bruteforcing, runs the scan, analyzes results for interesting directories/files, and returns structured ScanResult.

  async fuzzDirectories(baseUrl: string, config: Partial<FuzzingConfiguration> = {}): Promise<ScanResult> {
    try {
      const defaultConfig: FuzzingConfiguration = {
        tool: 'ffuf',
        threads: 20,
        timeout: 10,
        delay: 50,
        wordlist: this.getDefaultWordlist('directories'),
        extensions: ['php', 'asp', 'aspx', 'jsp', 'html', 'txt', 'xml', 'json'],
        filter_codes: [404],
        ...config
      };
      
      console.error(`🔍 Directory fuzzing on ${baseUrl}`);
      
      let results: FuzzingResult[] = [];
      
      if (defaultConfig.tool === 'ffuf') {
        results = await this.runFFUFDirectories(baseUrl, defaultConfig);
      } else if (defaultConfig.tool === 'wfuzz') {
        results = await this.runWfuzzDirectories(baseUrl, defaultConfig);
      }
      
      const analyzedResults = this.analyzeDirectoryResults(results);
      const interestingFindings = analyzedResults.filter(r => r.vulnerability_detected || r.response_code === 200);
      
      return {
        target: baseUrl,
        timestamp: new Date().toISOString(),
        tool: 'directory_fuzzing',
        results: {
          total_requests: results.length,
          found_directories: interestingFindings.length,
          accessible_paths: interestingFindings.filter(r => r.response_code === 200).length,
          sensitive_files: interestingFindings.filter(r => this.isSensitiveFile(r.url)).length,
          fuzzing_results: results,
          interesting_findings: interestingFindings
        },
        status: 'success'
      };
      
    } catch (error) {
      return {
        target: baseUrl,
        timestamp: new Date().toISOString(),
        tool: 'directory_fuzzing',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }

• src/index.ts:555-559 (registration)

  Tool dispatch in the main server handler switch statement, calling the FuzzingEngine.fuzzDirectories method.

  case "fuzzing_directories":
    return respond(await this.fuzzingEngine.fuzzDirectories(args.target, { 
      tool: args.tool || 'ffuf',
      extensions: args.extensions 
    }));

• src/index.ts:302-322 (schema)

  Input schema definition for the fuzzing_directories tool, listed in the tools array returned by ListToolsRequest.

  {
    name: "fuzzing_directories",
    description: "Fuzz directories and files using ffuf/wfuzz",
    inputSchema: {
      type: "object",
      properties: {
        target: { type: "string", description: "Target base URL" },
        tool: { 
          type: "string", 
          enum: ["ffuf", "wfuzz"],
          description: "Fuzzing tool to use" 
        },
        extensions: { 
          type: "array", 
          items: { type: "string" },
          description: "File extensions to test" 
        }
      },
      required: ["target"]
    }
  },

• src/tools/fuzzing.ts:345-385 (helper)

  Core helper executing ffuf commands for both directory and file extension fuzzing, parsing output into results.

  private async runFFUFDirectories(baseUrl: string, config: FuzzingConfiguration): Promise<FuzzingResult[]> {
    try {
      const results: FuzzingResult[] = [];
      
      // Directory fuzzing
      const dirCommand = `ffuf -u ${baseUrl}/FUZZ -w ${config.wordlist} -t ${config.threads} -timeout ${config.timeout} -fc ${config.filter_codes?.join(',')} -o /dev/null -s`;
      
      const { stdout: dirOutput } = await execAsync(dirCommand, { 
        timeout: 120000,
        maxBuffer: 1024 * 1024 * 5 
      });
      
      // Parse directory results
      this.parseFFUFOutput(dirOutput, baseUrl, results);
      
      // File extension fuzzing
      if (config.extensions) {
        for (const ext of config.extensions) {
          const extCommand = `ffuf -u ${baseUrl}/FUZZ.${ext} -w ${config.wordlist} -t ${config.threads} -timeout ${config.timeout} -fc ${config.filter_codes?.join(',')} -o /dev/null -s`;
          
          try {
            const { stdout: extOutput } = await execAsync(extCommand, { 
              timeout: 60000,
              maxBuffer: 1024 * 1024 
            });
            
            this.parseFFUFOutput(extOutput, baseUrl, results, ext);
            
          } catch {
            // Continue with other extensions
          }
        }
      }
      
      return results;
      
    } catch (error) {
      console.error('FFuf directory fuzzing error:', error);
      return [];
    }
  }