Directory Enumeration

These tools are used to identify hidden web server resources, which can be crucial for both security assessments and website management tasks.

Dirb


Purpose: Dirb is a web application directory brute-forcing tool. It is designed to find hidden directories and files on a web server by making HTTP requests with a list of common or custom directory and file names.

Features:

  • Supports both GET and HEAD requests.

  • Allows the use of custom wordlists for directory and file enumeration.

  • Provides a simple command-line interface for ease of use.

DirBuster

Purpose: DirBuster is another directory and file brute-forcing tool used in web application security testing. It helps identify web server content that might not be easily discoverable through standard navigation.

Features:

  • Offers a graphical user interface (GUI) for ease of use.

  • Supports dictionary-based and custom wordlists.

  • Provides multiple scanning modes and options.

  • Allows you to specify file extensions to target.

  • Generates comprehensive reports of findings.

Gobuster


Purpose: Gobuster is a directory and file brute-forcing tool that is commonly used in penetration testing. It's known for its speed and efficiency in revealing hidden web server content.

Features:

  • Performs highly parallelized scans, making it fast and efficient.

  • Supports both directory and file brute-forcing.

  • Allows you to specify extensions to target.

  • Can be configured for recursive or non-recursive scanning.

  • Supports custom wordlists for enumeration.

Default command: gobuster dir -u <Target Website> -w <PATH/TO/WORDLIST>

Dirsearch

Dirsearch.py is a versatile, highly configurable open-source tool for web application directory brute-forcing and scanning.

python3 dirsearch.py -e php,html,js -u https://<target> -w </path/to/wordlist>

Note: -e php,html,js specifies the file extensions to search for. In this case, the scan looks for PHP, HTML, and JavaScript files.
