Pentesting Tools: Web Directory Enumeration - Paiet/SEC-335 GitHub Wiki

  • Web Directory Brute-force Enumeration
    • DirBuster
      • OWASP tool
      • No longer supported as a stand-alone app
      • Built into OWASP ZAP now
        1. Select Target
        2. Start then stop attack
        3. Right-click on target
        4. Click "Force Browse Directory"
        5. Repeat step 4
    • Dirb
      • dirb http://10.0.0.165/ /usr/share/wordlist/dirb/big.txt
      • Look at the other options in man dirb
    • Gobuster (USE MINT)
      • gobuster -u http://10.0.0.165/
      • -w /usr/share/wordlist/dirb/big.txt
      • -s '200,204,301,302,307,403,500'
      • -e