Following the discovery of an authenticated Insecure Direct Object Reference (IDOR) vulnerability which allowed connected users to download files, I needed to extract them out of Burp. I could have done this with a loop and wget/curl but I was on Windows and it was much easier to deal with cookies within Burp. So I ran my intruder and then saved the items to a file.
Often during pentesting engagements, you will face to an HTTP/HTTPS webserver. A great way to find things on it is to enumerate resources. Multiple command line tools exist to do so including the following:
Some of them can help to do more than a siple ressource enumeration but we will focus on the enumeration part. The idea is to test these tools in order to find which one is the fastest enumeration tool. Tests will be done on the same target, where there is 3 endpoints that have the PHP extension.