zap 1 find hidden files

download zap

https://www.zaproxy.org

sudo sh ZAP_2_11_1_unix.sh                       

[sudo] password for kali: 

Starting Installer ...

open zap

tools -> options -> set local proxy

serve multillidae on localhost

https://chuanshuoge3.blogspot.com/2021/12/burp-suit-4-multillidae.html

quick start -> manual explore localhost

right click on http:127.0.0.1 -> attack -> spider

spidering starts

right click on http:127.0.0.1 -> attack -> forced browse and children

in the forced browse tab dropdown list -> select default list

right click on http:127.0.0.1 -> attack -> forced browse and children

after forcing browse for a while, pause -> open tree view 

-> right click on get request in notes folder -> open in browser

hidden page opens

reference:

https://www.youtube.com/watch?v=2_lswM1S264