xmendez / wfuzz

Web application fuzzer
http://wfuzz.io
GNU General Public License v2.0
5.86k stars, 1.35k forks

Command / Behaviour Query #360

Open JeffreyShran opened 7 months ago

JeffreyShran commented 7 months ago

Issue template

Context

Please describe your local environment:

Wfuzz version: Output of wfuzz --version

3.1.0

Python version: Output of python --version

└─$ python --version 130 ⨯
Python 2.7.18

└─$ python3 --version
Python 3.9.2

OS: Kali

Report

What is the current behavior?

When running the command below, I expect wfuzz to first cycle through all items in the directory list that are not 404, then cycle through each item in the file list and report on any non-404. But what happens is that it goes to the first item in the directory list, then tries each file item for it, then moves to directory item #2 and does the file list for that one, and so on.

fuzz -c -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-directories-lowercase.txt -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --hc 404 -L -R1 -t 200 http://bounty.htb/FUZZ/FUZ2Z

What is the expected or desired behavior?

As the first item in the directory list is 404, there's not much point in trying to match files for it. It should first run through all items in the directory list, then only start further enumeration for any that do not match the --hc 404.

Please provide steps to reproduce, including exact wfuzz command executed and output:

Run this on any target: fuzz -c -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-directories-lowercase.txt -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --hc 404 -L -R1 -t 200 http://bounty.htb/FUZZ/FUZ2Z

Other relevant information:

X
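
The following is an added example, not part of the issue and not wfuzz's own code: an offline model of the two request orders discussed above, using a Cartesian product for the reported order and a two-phase loop for the expected one. The wordlists, the `EXISTING` path set and the `status` stand-in are constructed assumptions; no network traffic is sent.

```python
from itertools import product

# Constructed sample data (not from the issue): tiny wordlists and the paths
# a hypothetical target answers with something other than 404.
DIRS = ["admin", "uploads", "backup", "img"]
FILES = ["index.html", "web.config", "readme.txt"]
EXISTING = {"uploads/", "uploads/web.config", "img/", "img/index.html",
            "backup/readme.txt"}  # note: "backup/" itself answers 404


def status(path):
    """Stand-in for one HTTP request: 200 if the path exists, else 404."""
    return 200 if path in EXISTING else 404


def product_scan(dirs, files):
    """Order reported in the issue: every file is tried under each directory."""
    sent = [f"{d}/{f}" for d, f in product(dirs, files)]
    hits = [p for p in sent if status(p) != 404]
    return sent, hits


def staged_scan(dirs, files):
    """Order the reporter expected: probe directories, then files under live ones."""
    sent = [f"{d}/" for d in dirs]
    live = [d for d in dirs if status(f"{d}/") != 404]
    second = [f"{d}/{f}" for d in live for f in files]
    sent += second
    hits = [p for p in second if status(p) != 404]
    return sent, hits


if __name__ == "__main__":
    for name, scan in (("product", product_scan), ("staged", staged_scan)):
        sent, hits = scan(DIRS, FILES)
        print(f"{name}: {len(sent)} requests, first={sent[:4]}, hits={hits}")
```

On this sample the staged order sends 10 requests instead of 12, but it never requests `backup/readme.txt` because `backup/` itself answers 404, so pruning on the directory's status code trades coverage for request volume.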