
Multiple Ways to Brute-Force Directories on a Web Server

hack_tools



Hey Folks, this article can be valuable for bug bounty hunters and CTF players because in this tutorial we will talk about the best hidden directory finder tools that will help you do enumeration.

What do you get?
  • gobuster
  • dirb
  • dirsearch
  • Wfuzz
  • konan
  • dirhunt
  • Metasploit
  • DirBuster

Let's take a look 🙂 !!

Gobuster

Gobuster is an open source tool designed to brute-force URIs (files and directories) and DNS subdomains. It provides a command line interface (CLI) and is written in the Go programming language. Installing it is not difficult; just execute the following command.

apt-get install gobuster

After the installation completes, we can launch a brute-force attack to find hidden directories under the web root.

  • -u, --url string
  • -w, --wordlist string
  • -s, --statuscodes string

gobuster dir -u http://192.168.0.106/bolt/ -w /usr/share/wordlists/dirb/big.txt -s 200,302,301

We can use the “-x” option to look for files with specific extensions.

  • -x, --extensions string

gobuster dir -u http://192.168.0.106/bolt/ -w /usr/share/wordlists/dirb/big.txt -x php


DIRB

DIRB is a web content scanner. It is built into Kali Linux and works by launching a dictionary-based attack against a web server and analyzing the responses. Remember that it is a content scanner, not a vulnerability scanner.

When we execute the following command, it starts the brute-force attack and dumps all the hidden directories.

dirb http://192.168.0.106/bolt/

Similarly, we can use the following option to find specific files or directories.

  • -X = extensions

dirb http://192.168.0.106/secnhack/ -X .php


Dirsearch

Dirsearch is a brute-force tool written in Python and used to find hidden web directories and files. It can run on Windows, Linux, and macOS, and it offers a simple yet powerful command-line interface.

Download the tool from its GitHub page. When the download is complete, the dirsearch directory is created automatically; change into it and start the tool with python3.

git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -h

Now we will launch a brute-force attack using the extension option.

  • -u = url
  • -w = wordlist
  • -e = specific extensions

python3 dirsearch.py -u http://192.168.0.106/secnhack/ -w /usr/share/dirb/wordlists/common.txt -e .php

Let's move on and hide the results that have specific status codes.

  • -x = hide responses with these status codes

python3 dirsearch.py -u http://192.168.0.106/secnhack/ -w /usr/share/dirb/wordlists/common.txt -e php -x 400,403


Wfuzz

Wfuzz is an open source tool designed for brute-forcing web applications. It can be used for finding resources, brute-forcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc.

Wfuzz is built into Kali Linux, so we can start it by typing “wfuzz” in the terminal. Keep in mind that we have to put the “FUZZ” keyword in the URL, after the base path, at the position where the wordlist entries should be inserted.

  • --hc = hide responses with these status codes
  • -u = url
  • -w = wordlist

wfuzz -u http://192.168.0.106/secnhack/FUZZ/ -w /usr/share/dirb/wordlists/common.txt --hc 400,404,403


Konan

Konan is another open source tool, hosted on GitHub, that is designed to brute-force directory and file names on web/application servers.

First we download the tool from GitHub, and then we install its requirements by executing the following commands.

git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt

Let's take an example and try to dump the directory list.

python3 konan.py -u http://192.168.0.106/secnhack/ -w /usr/share/dirb/wordlists/common.txt

Now we will use the exclude feature of this tool to skip some status codes.

  • -x = --exclude

python3 konan.py -u http://192.168.0.106/secnhack/ -w /usr/share/dirb/wordlists/common.txt -x 400,403


Dirhunt

Dirhunt is a web crawler or hidden directory finder. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if directory listing is not enabled, because it can still dump hidden directories.

Installing this tool does not take much effort; we can install it with pip.

sudo pip3 install dirhunt

Dirhunt can be a useful tool to find hidden directories of live websites.

  • -x = exclude

dirhunt http://192.168.0.106/secnhack/ -x 400,402


Metasploit

If you know the Metasploit framework you will understand this tool better, because this module identifies the existence of interesting directories in a given directory path.

Start the Metasploit framework by typing “msfconsole” in the terminal and then enter the following commands. After they run, the module reports the directories it found.

msf5 exploit(multi/handler) > use auxiliary/scanner/http/dir_scanner
msf5 auxiliary(scanner/http/dir_scanner) > set rhosts 192.168.0.106
msf5 auxiliary(scanner/http/dir_scanner) > set path secnhack/
msf5 auxiliary(scanner/http/dir_scanner) > set dictionary /usr/share/dirb/wordlists/common.txt
msf5 auxiliary(scanner/http/dir_scanner) > run


DirBuster

DirBuster is a GUI-based tool designed to brute-force directory and file names on web/application servers. Often what looks like a web server in a state of default installation actually is not, and has pages and applications hidden within it, which is why we use multiple tools to find those directories.

When we enter “dirbuster” in the terminal, it opens automatically, and we then submit the target details.



As you can see it has dumped all the hidden directories.
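
All of the tools above work the same way on the wire: they request every entry of a wordlist and sort the responses by status code, so a scan shows up in the target's access log as one client requesting many distinct paths and mostly getting 400/403/404 back. The Python script below is an added example, not part of the original article or of any of these tools; it assumes Combined Log Format, and the sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
MISS = {"400", "403", "404"}  # codes the scans above filter out as uninteresting
HIT = {"200", "301", "302"}   # codes the gobuster example keeps with -s

# Constructed sample: 192.0.2.10 walks a wordlist, 198.51.100.7 browses normally.
_WORDS = [("admin", 404), ("backup", 404), ("config", 404), ("css", 301),
          ("db", 404), ("images", 301), ("login.php", 200), ("old", 404),
          ("test", 404), ("uploads", 403)]
_BROWSE = [("/secnhack/", 200), ("/secnhack/css/site.css", 200), ("/favicon.ico", 404)]

def _line(ip, n, path, status):
    return f'{ip} - - [01/Jan/2024:10:00:{n:02d} +0000] "GET {path} HTTP/1.1" {status} 153 "-" "-"'

SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", i, "/secnhack/" + w, s) for i, (w, s) in enumerate(_WORDS)]
    + [_line("198.51.100.7", i, p, s) for i, (p, s) in enumerate(_BROWSE)])

def summarize(log_text):
    """Per client IP: request count, distinct paths, misses, and paths that exist."""
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "misses": 0, "hits": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore query strings
        s = stats[ip]
        s["requests"] += 1
        s["paths"].add(path)
        s["misses"] += status in MISS
        if status in HIT:
            s["hits"].add(path)
    return stats

def find_enumerators(log_text, min_paths=8, min_miss_ratio=0.5):
    """Flag clients that request many distinct paths and mostly get 400/403/404."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        ratio = s["misses"] / s["requests"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"paths": len(s["paths"]), "miss_ratio": round(ratio, 2),
                           "found": sorted(s["hits"])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE_LOG).items():
        print(ip, info)
```

The "found" list is what the scanning client learned about the server, which makes it the list of paths to review for unintended exposure.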

About the Author: Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
 
