Wfuzz
Web Fuzzer
wfuzz -c -z file,/usr/share/wordlists/dirb/big.txt --sc 200 http://192.168.99.21/FUZZ.txt
USE WFUZZ TO FIND SUBDOMAINS
wfuzz -c -w /usr/share/seclists/usr/share/seclists/Discovery/DNS --hc 404 --hw 617 -u website.com -H "HOST: FUZZ.website.com"
Use filter to reach your actual subdomains like below command.
wfuzz -c -w /usr/share/seclists/usr/share/seclists/Discovery/DNS --hc 404 --hw 7873 -u hnpsec.com -H "HOST: FUZZ.hnpsec.com"
Filters:
Only show results that are not 32 characters (useful if you know how many sharacters are on the 'fail' pages):
--hh 32
Only show results that are not 4 words (useful if you know how many words are on the 'fail' pages):
--hw 4
Only show responses that are not 403 response codes:
--hc 403