Web directory enumeration

Tool: gobuster
Installation: https://github.com/OJ/gobuster
Usage:
gobuster dir -u http://10.10.10.10 -w wordlist -x php -o gobuster-root-php.out -t 50
-u = url
-w = wordlist
-x = extensions
-o = output
-t = threads


Tool: dirsearch
Installation page: https://github.com/maurosoria/dirsearch
Usage:
dirsearch -u http://10.10.10.10 -w wordlist -e "html" -r -t 50 -f | tee dirsearch_result.txt # default
​
#Other configurations
#dirsearch -u http://10.10.10.10 -w wordlist -e php -r -t 50 -x 403 | tee dirsearch_result2.txt
#dirsearch -u http://10.10.10.10 -e " "| tee dirsearch_result3.txt #default directories as cgi bin
With " | tee dirsearch_result.txt" we create an output to a file called dirsearch_result.txt while it's running
-u = url
-w = wordlist
-e = extensions. # -e " " = no extension
-r = recursive
-t = threads
-x = ignore error code
-f = force extensions # issue for files like cgi-bin


Tool: wfuzz
Installation page: https://github.com/xmendez/wfuzz
*Requires python3
Usage:
wfuzz -u http://10.10.10.10/FUZZ -w wordlist -hc 404 -c -t 100 -v
FUZZ means the parameter or directory we want to fuzz, we can bruteforce vulns such as SQL with this
-u = url
-w = wordlist
-hc = hide error codes
-c = output with colors
-t = threads (10 default)
-v = verbose information
-hh = hide characters (test and try with different parameters for SQLi for example; id, about etc.)
Enumeration - Previous
Port scanning
Next - Exfiltration
Exfiltration
Last updated 9 months ago