Payload Environment Variables
For accessing these resources in a quick manner, several environment variables have been defined:
| Environment Variable | Value |
|---|---|
| $FUZZDB | /usr/share/fuzzdb |
| $PAYLOADSALLTHETHINGS | /usr/share/payloadsallthethings |
| $SECLISTS | /usr/share/seclists |
| $MIMIKATZ | /usr/share/windows/mimikatz |
| $POWERSPLOIT | /usr/share/windows/powersploit |
| $ROCKYOU | /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt |
| $DIRBIG | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-big.txt |
| $DIRMEDIUM | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-medium.txt |
| $DIRSMALL | /usr/share/seclists/Discovery/Web-Content/DirBuster-2007_directory-list-2.3-small.txt |
| $WEBAPI_COMMON | /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt |
| $WEBAPI_MAZEN | /usr/share/seclists/Discovery/Web-Content/common-api-endpoints-mazen160.txt |
| $WEBCOMMON | /usr/share/seclists/Discovery/Web-Content/common.txt |
| $WEBPARAM | /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt |
In this manner, you can retrieve the needed payloads with less effort, for example:
ffuf -u <target_url> -w $DIRSMALLor
john file.hash --wordlist=$ROCKYOU