Directory Brute Forcing Techniques:
Dirsearch is a simple command line tool designed to brute force directories and files on websites. It is available on GitHub; after installing it on Kali Linux, type the following to start dirsearch.
# Dirsearch
python3 /opt/dirsearch/dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://TARGETIP -e php -t 20
# Dirb
dirb https://192.168.1.1
# Gobuster
gobuster dir -u 192.168.1.X -l -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 20
- specify relevant response codes
gobuster dir -u http://192.168.1.1 -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e
- simple auth and extensions
gobuster dir -u 192.168.1.1 -U username -P Password1234 -w /usr/share/SecLists/Discovery/Web-Content/big.txt -t 20 -x php,txt,pl,sh,asp,aspx,html,json,py,cfm,rb,cgi
gobuster -w ~/Desktop/wordlists/buster_lists/Top100000-RobotsDisallowed.txt -u https://192.168.1.1 -fw -t 150 -s 200,204,301,302,307,500 -k -o out.file
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It works by launching a dictionary-based attack against a web server and analyzing the responses. DIRB's main purpose is to help in professional web application auditing.
The tool "Dirb" ships with Kali Linux, so open a terminal and run the dirb command shown above to start a brute force directory attack.
This is a really easy tool to use.
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. DirBuster comes with a total of 9 different lists; this makes DirBuster extremely effective at finding those hidden files and directories.
dirbuster wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt file extensions=php,txt,pl,sh,asp,aspx,html,json,py,cfm,rb,cgi
Insert your target.
Add it to the context
Click the plus-sign
Click on Forced Browse
Wfuzz is a tool designed for brute forcing web applications. It can be used to find resources that are not linked (directories, servlets, scripts, etc.), to brute force GET and POST parameters when checking for different kinds of injection (SQL, XSS, LDAP, etc.), to brute force form parameters (user/password), for fuzzing, and more.
You can find the manual by typing:
wfuzz -c -z file,/root/.ZAP/fuzzers/dirbuster/directory-list-2.3-big.txt --sc 200 http://192.168.1.1:8088/FUZZ.php
wfuzz -c -w /usr/share/wfuzz/wordlist/dir/common.txt --hc 400,404,403 http://192.168.1.1/dvwa/FUZZ
# Gobuster - remove relevant response codes (403 for example)
gobuster -u http://192.168.1.1 -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e
note: to append a forward slash to each item in the wordlist, use -f
note2: another good list is /usr/share/wordlists/dirbuster/directory-list-1.0.txt
WAF – Web application firewall
It might be that dirb shows you 403 errors instead of the expected 404. This can mean that a WAF is protecting the site and rejecting requests on the basis of the scanner's request headers. To get around it we may have to change our request header (here, the User-Agent) so the request looks more like a normal browser request.
dirb http://192.168.1.1 -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
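The commands above locate hidden paths by sending a burst of requests and keying on the status codes, and the WAF note shows that a scanner's User-Agent is trivial to change. On the defending side, the same two observations drive detection. The following Python detector is an added example, not part of the original cheat sheet and not code from any of the tools it lists. It assumes access logs in the Apache/nginx "combined" format and flags a client primarily by request rate and its 404/403 ratio inside a sliding window, treating a scanner-looking User-Agent only as a secondary signal. The thresholds (20 requests in 60 s, 80% misses), the sample log lines and the User-Agent strings are constructed assumptions to be tuned per site.

```python
"""Flag directory brute forcing in combined-format access logs.

Added example: heuristics and thresholds are assumptions, the sample
log is constructed, and the scanner UA markers are a simple substring
list rather than the tools' real default strings.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format: ip ident user [ts] "req" status size "ref" "ua"
COMBINED_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Assumed substrings; tool default UAs vary by version and can be spoofed.
SCANNER_UA_MARKERS = ("gobuster", "dirb", "dirbuster", "wfuzz", "dirsearch")


def parse_line(line):
    """Parse one combined-format line; return None for lines that don't match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TIME_FMT)
    return rec


def detect_bruteforce(lines, window=timedelta(seconds=60),
                      min_requests=20, min_miss_ratio=0.8):
    """Return {ip: summary} for clients whose densest window looks like a scan."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        # Sliding window: keep the span with the most requests inside `window`.
        best, start = [], 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = recs[start:end + 1]
        # Scanners count 403 as a hit, so behind a WAF the noise is 403s, not 404s.
        misses = sum(1 for r in best if r["status"] in (403, 404))
        miss_ratio = misses / len(best)
        scanner_ua = any(mark in r["ua"].lower()
                         for r in best for mark in SCANNER_UA_MARKERS)
        rate_hit = len(best) >= min_requests and miss_ratio >= min_miss_ratio
        if rate_hit or scanner_ua:
            findings[ip] = {
                "requests": len(best),
                "distinct_paths": len({r["path"] for r in best}),
                "miss_ratio": round(miss_ratio, 2),
                "scanner_ua": scanner_ua,
                "window_start": best[0]["ts"].isoformat(),
            }
    return findings


def build_sample_log():
    """Constructed sample traffic (not real logs): one spoofed-UA scan,
    one normal visitor, one scanner that kept a tool-like UA."""
    base = datetime(2024, 1, 15, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, offset_s, path, status, ua):
        ts = (base + timedelta(seconds=offset_s)).strftime(TIME_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'

    browser = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36")
    words = ["admin", "backup", "old", "test", "dev", "config", "uploads", "tmp",
             "db", "logs", "private", "secret", "api", "login", "cgi-bin",
             "phpmyadmin", "wp-admin", "include", "data", "files", "export",
             "assets", "js", "css", "images"]
    lines = []
    # 25 probes in 25 s; the UA mimics a browser, as with `dirb -a` above.
    for i, w in enumerate(words):
        lines.append(fmt("10.0.0.5", i, f"/{w}/",
                         200 if w in ("login", "assets") else 404, browser))
    # A normal visitor: a few successful requests spread over minutes.
    for i, p in enumerate(["/", "/login", "/assets/app.css"]):
        lines.append(fmt("10.0.0.9", i * 40, p, 200, browser))
    # Low volume, but the UA gives it away (constructed string).
    lines.append(fmt("10.0.0.7", 5, "/robots.txt", 200, "gobuster/3.1"))
    lines.append(fmt("10.0.0.7", 6, "/.git/HEAD", 403, "gobuster/3.1"))
    return lines


if __name__ == "__main__":
    for ip, info in detect_bruteforce(build_sample_log()).items():
        print(ip, info)
```

The rate check is the one that matters: the spoofed-UA client is caught purely by volume and miss ratio, which a scanner cannot hide without slowing to a crawl, whereas the UA check catches only operators who left the default string. Tune `min_requests` and `min_miss_ratio` against a baseline of real traffic before alerting on them.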
HTTP Directory Scanner
msf > use auxiliary/scanner/http/dir_scanner
msf auxiliary(dir_scanner) > set dictionary /usr/share/wordlists/dirb/common.txt
msf auxiliary(dir_scanner) > set rhosts 192.168.1.1
msf auxiliary(dir_scanner) > set path /dvwa
msf auxiliary(dir_scanner) > exploit
This module identifies the existence of interesting directories under a given directory path.