Enumeration - Web - Fuzz
ffuf for post
ffuf -w /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt -X POST -d '{"key":"value"}' -u http://$(target):8081/api/FUZZ -fw 2
wfuzz
# === fuzz directories
wfuzz -c -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 "$URL/FUZZ"
# === fuzz files
wfuzz -c -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/raft-large-words.txt --hc 404 "$URL/FUZZ"
# === fuzz parameters
wfuzz -c -z file,/usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt --hc 302,404 "$URL?FUZZ"
# === fuzz users
wfuzz -c -z file,/usr/share/wordlists/seclists/Usernames/top-usernames-shortlist.txt --hc 404,403 "$URL?user=FUZZ"
wfuzz Pycurl is not compiled against Openssl
sudo apt --purge remove python3-pycurl
sudo apt install libcurl4-openssl-dev libssl-dev
sudo pip3 install pycurl wfuzz