Short and quick tip for your custom fuzzing wordlists.

It's 2026, and there will be backup of 2025 :)

backup_2025.zip
backup2025.zip
backup-2025.zip

2025_backup.zip
2025backup.zip
2025-backup.zip

backup_2025.tar.gz
backup2025.tar.gz
backup-2025.tar.gz

2025_backup.tar.gz
2025backup.tar.gz
2025-backup.tar.gz

backup_2025.rar
backup2025.rar
backup-2025.rar

2025_backup.rar
2025backup.rar
2025-backup.rar

backup_2025.bak
backup2025.bak
backup-2025.bak

2025_backup.bak
2025backup.bak
2025-backup.bak

backup_2025.old
backup2025.old
backup-2025.old

2025_backup.old
2025backup.old
2025-backup.old

Where to fuzz ?

  1. All Subdomains (each level separately)

How to sort subdomains recursively 👇

Subdomain Takeover Levels (Recursive)

Subdomain takeover automation using Subzy

medium.com

2. All IP addresses of all ASNs

How to find all IPv4+ IPv6 addresses of your target 👇

Black IP : Network Intelligence Tool

Find all ASN + IPv4 + IPv6 address of your target

medium.com

Fuzzing Tools

  1. Old folks like dirsearch
python3 dirsearch.py -l targets.txt -w custom_wordlist1.txt --random-agent --threads 40 --timeout 10 --follow-redirects --format plain | tee final_results.txt

2. New guys go with ffuf and fast

while read target; do ffuf -u "$target/FUZZ" -w custom_wordlist1.txt -fc 404 -c; done < targets.txt | tee -a final_results2.txt

Getting 403 ? Try to find Origin IP and try again. And never forget vhosts goldmine!

None
GIF from GIPHY

List: FOFA Dorking | Curated by Abhirup Konwar | Medium

FOFA Dorking · Most important feature why I love FOFA dorking is, it can match any keyword directly within Javascript…

medium.com

List: How to find bug bounty programs | Curated by Abhirup Konwar | Medium

How to find bug bounty programs · 13 stories on Medium

medium.com