While Crawling allows testers to build the indexed architecture of website, this technique can't find directories and files that are not referenced. Directory fuzzing (a.k.a. directory bruteforcing) is a technique that can find some of those "hidden" paths. Dictionaries of common paths are used to request the web app for each path until exhaustion of the list.
Tools like dirb (C), dirbuster (Java), gobuster (Go), wfuzz (Python) and ffuf (Go) can do directory fuzzing/bruteforcing. Burp Suite can do it too. Depending on the web application, one will be better suited than another and additional options will be needed.
Directory fuzzing needs to be slowed down when testing production instances as it could lead to an unintended denial of service.
gobuster dir --useragent "PENTEST" -w /usr/share/seclists/Discovery/Web-Content/common.txt -u $URL
wfuzz --hc 404,403 -H "User-Agent: PENTEST" -c -z file,/usr/share/seclists/Discovery/Web-Content/common.txt $URL/FUZZ
ffuf -H "User-Agent: PENTEST" -c -w /usr/share/seclists/Discovery/Web-Content/common.txt -u $URL/FUZZ
Another great tool named feroxbuster (Rust) can do really fast recursive content discovery. The tools mentioned above don't recurse in found directories.
feroxbuster -H "User-Agent: PENTEST" -w /usr/share/seclists/Discovery/Web-Content/common.txt -u http://192.168.10.10/