Website Web Directory Brute Forcing Fuzzing Tools and Techniques Wordlist Strategies


Directory Brute Forcing Techniques:

Dirsearch is a simple command-line tool designed to brute-force directories and files on websites. It is available on GitHub; after installing it on your Kali Linux box, type the following to start dirsearch.

dirsearch
/opt/dirsearch/dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://TARGETIP -e php -t 20


# Dirb
dirb https://192.168.1.1

# Gobuster

gobuster dir -u 192.168.1.X -l -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt  -t 20

- specify relevant response codes
gobuster dir -u http://192.168.1.1 -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e

- simple auth and extensions
gobuster dir -u 192.168.1.1 -U username -P Password1234 -w /usr/share/SecLists/Discovery/Web-Content/big.txt -t 20 -x php,txt,pl,sh,asp,aspx,html,json,py,cfm,rb,cgi


gobuster -w ~/Desktop/wordlists/buster_lists/Top100000-RobotsDisallowed.txt -u https://192.168.1.1 -fw -t 150 -s 200,204,301,302,307,500 -k -o out.file


Dirb

DIRB is a web content scanner. It looks for existing (and/or hidden) web objects. It works by launching a dictionary-based attack against a web server and analysing the responses. DIRB's main purpose is to help in professional web application auditing.

The tool "Dirb" is built into Kali Linux, so open the terminal and type the following command to start a brute-force directory attack.

This is a really easy tool to use:

dirb http://192.168.1.1

Dirbuster

DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers. DirBuster ships with a total of 9 different lists, which makes it very effective at finding hidden files and directories.

dirbuster

wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

file extensions=php,txt,pl,sh,asp,aspx,html,json,py,cfm,rb,cgi


OWASP ZAP

Insert your target.
Add it to the context
Click the plus-sign
Click on Forced Browse

Wfuzz

Wfuzz is a tool designed for brute-forcing web applications. It can be used to find resources that are not linked (directories, servlets, scripts, etc.), to brute-force GET and POST parameters when checking for different kinds of injection (SQL, XSS, LDAP, etc.), to brute-force form parameters (user/password), for general fuzzing, and more.

You can find the manual by typing:

wfuzz -h

wfuzz -c -z file,/root/.ZAP/fuzzers/dirbuster/directory-list-2.3-big.txt --sc 200 http://192.168.1.1:8088/FUZZ.php
wfuzz -c -w /usr/share/wfuzz/wordlist/dir/common.txt --hc 400,404,403 http://192.168.1.1/dvwa/FUZZ

Gobuster

# Gobuster - drop response codes you are not interested in (403, for example) from the -s list
gobuster -u http://192.168.1.1 -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e

note: to append a forward slash to each item in the wordlist, use -f
note2: another good list is /usr/share/wordlists/dirbuster/directory-list-1.0.txt
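The -x, -f, -s and --hc/--sc switches above all boil down to two steps: expanding the wordlist into candidate paths, and filtering responses by status code. The following Python is an added example (not code from the page or from gobuster/wfuzz) that reproduces both steps offline on constructed data, plus the catch-all check that makes gobuster's -fw necessary when a server answers every path with the same code. All function names and thresholds are the example's own assumptions.

```python
# Added example: how directory scanners expand a wordlist and filter results.
# Not taken from gobuster or wfuzz; function names and thresholds are assumptions.


def expand_wordlist(words, extensions=(), add_slash=False):
    """Return the ordered, de-duplicated request paths a scanner would try.

    words      -- raw wordlist entries (may contain blanks, comments, duplicates)
    extensions -- like gobuster -x php,txt: each word is also tried as word.ext
    add_slash  -- like gobuster -f: append '/' to every bare word
    """
    seen = set()
    candidates = []
    for raw in words:
        word = raw.strip()
        # dirbuster lists ship with comment headers; scanners skip them
        if not word or word.startswith("#"):
            continue
        forms = [word + "/" if add_slash else word]
        forms += [f"{word}.{ext.lstrip('.')}" for ext in extensions]
        for path in forms:
            if path not in seen:       # duplicate wordlist entries cost requests
                seen.add(path)
                candidates.append(path)
    return candidates


def filter_hits(responses, show=None, hide=None):
    """Apply wfuzz-style --sc (show) / --hc (hide) logic to a {path: status} map.

    show -- if given, only these status codes are kept (gobuster -s, wfuzz --sc)
    hide -- these status codes are dropped (wfuzz --hc); applied after show
    """
    hits = {}
    for path, status in responses.items():
        if show is not None and status not in show:
            continue
        if hide is not None and status in hide:
            continue
        hits[path] = status
    return hits


def looks_like_catch_all(baseline_status, hits, threshold=0.9):
    """Wildcard check behind gobuster's -fw and the page's "403 instead of 404" note.

    baseline_status -- status returned for a random path that cannot exist
    hits            -- {path: status} after filtering
    If almost every hit carries the baseline status, the code alone proves
    nothing and a length/body filter is needed before trusting the output.
    """
    if not hits:
        return False
    same = sum(1 for status in hits.values() if status == baseline_status)
    return same / len(hits) >= threshold


if __name__ == "__main__":
    # Constructed wordlist and constructed responses, not real scan output.
    words = ["# directory-list header", "admin", "backup", "", "admin", "login"]
    for path in expand_wordlist(words, ["php", "txt"], add_slash=True):
        print(path)
    fake = {"admin/": 301, "admin.php": 200, "backup/": 404, "login.php": 403, "x.php": 500}
    print(filter_hits(fake, show={200, 204, 301, 302, 307, 403, 500}, hide={403}))
    print(looks_like_catch_all(403, {"a/": 403, "b/": 403, "c/": 403}))
```

The de-duplication matters more than it looks: the medium dirbuster list has many entries that collide once extensions and slashes are added, and every duplicate is a wasted request that also inflates the noise a defender sees.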

WAF – Web application firewall

It might be that dirb shows you 403 errors instead of the expected 404. This can mean that a WAF is protecting the site. To get around it we may have to change our request headers so the traffic looks more like a normal browser request.

dirb http://192.168.1.1 -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
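From the other side of that WAF, the same scan is easy to spot in the access log even when the User-Agent has been changed as above: one client requests dozens of distinct paths within seconds and almost all of them come back 404 (or 403 behind a WAF). The Python below is an added example, not part of the page or any tool, that parses combined-format log lines and flags such clients with a sliding window. The log lines, the client IPs, the "gobuster/3.1.0" User-Agent string and the thresholds are all constructed for the example.

```python
# Added example: detect directory brute-forcing in combined-format access logs.
# Not from the page or any tool; thresholds and sample data are constructed.
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ERROR_CODES = {403, 404}   # 404 normally; 403 when a WAF answers for everything


def parse_log(text):
    """Yield one dict per parseable combined-format line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
            "ua": m["ua"],
        }


def find_bruteforcers(entries, window=60, min_requests=20, min_error_ratio=0.8):
    """Return {ip: summary} for clients that, inside any `window`-second span,
    sent >= min_requests requests, mostly to distinct paths, mostly erroring.
    The User-Agent is recorded for the analyst but deliberately not used as a
    signal, since scanners can set any value (see dirb -a above)."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda e: e["ts"])
        start, errors, paths = 0, 0, Counter()
        for end, e in enumerate(reqs):
            errors += e["status"] in ERROR_CODES
            paths[e["path"]] += 1
            # slide the window forward until it spans at most `window` seconds
            while (e["ts"] - reqs[start]["ts"]).total_seconds() > window:
                old = reqs[start]
                errors -= old["status"] in ERROR_CODES
                paths[old["path"]] -= 1
                if paths[old["path"]] == 0:
                    del paths[old["path"]]
                start += 1
            n = end - start + 1
            if n >= min_requests and errors / n >= min_error_ratio and len(paths) >= 0.9 * n:
                flagged[ip] = {
                    "requests": n,
                    "distinct_paths": len(paths),
                    "error_ratio": round(errors / n, 2),
                    "user_agents": sorted({r["ua"] for r in reqs[start:end + 1]}),
                }
                break
    return flagged


def constructed_log():
    """Constructed sample: one normal visitor, one client spraying 30 paths in 15 s."""
    lines = [
        '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
        '10.0.0.5 - - [10/Oct/2023:13:56:01 +0000] "GET /about HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
    ]
    for i in range(30):
        lines.append(
            f'10.0.0.9 - - [10/Oct/2023:13:55:{40 + i // 2:02d} +0000] '
            f'"GET /guess{i} HTTP/1.1" 404 162 "-" "gobuster/3.1.0"'
        )
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, summary in find_bruteforcers(parse_log(constructed_log())).items():
        print(ip, summary)
```

A single 404 from a normal visitor (the favicon request above) never trips the rule because the window requires both volume and a high error ratio; tune `min_requests` down and `window` up for slow scans run with a low -t thread count.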

Metasploit

HTTP Directory Scanner

use auxiliary/scanner/http/dir_scanner
msf auxiliary(dir_scanner) > set dictionary /usr/share/wordlists/dirb/common.txt
msf auxiliary(dir_scanner) > set rhosts 192.168.1.1
msf auxiliary(dir_scanner) > set path /dvwa
msf auxiliary(dir_scanner) > exploit

This module identifies the existence of interesting directories under a given directory path.
