Directory Fuzzing

Directory fuzzing, also known as directory brute-forcing or directory enumeration, is a technique used in cybersecurity and web application testing to identify hidden or non-public directories and files on a web server.

The primary goal is to discover resources that are not directly linked in web pages or that are meant to be private, including directories, files, or URLs that may contain sensitive information, backups, administrative interfaces, or config files.

It is typically performed using automated tools such as Ffuf. These tools systematically guess URLs by appending each name from a list of potential directory or file names to the base URL.
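Because this guessing requests many names that do not exist, it appears in server access logs as a burst of 404 responses from one client. The following detection sketch is an added example, not part of the original page: it flags such clients and lists the guessed paths that did not return 404, which are the resources worth reviewing. It assumes Common Log Format access logs; the function names, the thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(lines):
    """Yield (ip, time, path, status) for each line that matches the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def detect_fuzzing(lines, window=timedelta(seconds=60), min_misses=5):
    """Return {ip: sorted paths that did NOT 404} for clients that requested
    at least `min_misses` distinct 404 paths inside one sliding window."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in parse(lines):
        by_ip[ip].append((ts, path, status))
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        misses = [(ts, p) for ts, p, s in events if s == 404]
        start = 0
        for end in range(len(misses)):
            while misses[end][0] - misses[start][0] > window:
                start += 1  # drop misses that fell out of the window
            if len({p for _, p in misses[start:end + 1]}) >= min_misses:
                # Paths the guessing client actually reached: review these first.
                findings[ip] = sorted({p for _, p, s in events if s != 404})
                break
    return findings

def sample_log():
    """Constructed sample: one guessing client, one ordinary visitor."""
    guesses = [("/admin", 404), ("/backup", 404), ("/old", 404), ("/test", 404),
               ("/tmp", 404), ("/config.bak", 200), ("/private/", 403)]
    lines = [f'203.0.113.7 - - [10/Mar/2024:12:00:{i:02d} +0000] "GET {p} HTTP/1.1" {s} 0'
             for i, (p, s) in enumerate(guesses)]
    lines += ['198.51.100.20 - - [10/Mar/2024:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
              '198.51.100.20 - - [10/Mar/2024:12:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0']
    return lines

if __name__ == "__main__":
    print(detect_fuzzing(sample_log()))
```

A 403 in the result is still a finding: it confirms to the requester that the path exists, so the thresholds should be tuned against normal traffic for the site rather than taken from this sketch.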