Web directory enumeration

Tool: gobuster

Installation: https://github.com/OJ/gobuster

Usage:

gobuster dir -u http://10.10.10.10 -w wordlist -x php -o gobuster-root-php.out -t 50

-u = url
-w = wordlist
-x = extensions
-o = output
-t = threads

Tool: dirsearch

Installation page: https://github.com/maurosoria/dirsearch

Usage:

dirsearch -u http://10.10.10.10 -w wordlist -e "html" -r -t 50 -f | tee dirsearch_result.txt # default
# Other configurations
# dirsearch -u http://10.10.10.10 -w wordlist -e php -r -t 50 -x 403 | tee dirsearch_result2.txt
# dirsearch -u http://10.10.10.10 -e " " | tee dirsearch_result3.txt # default directories such as cgi-bin

Piping through " | tee dirsearch_result.txt" writes the output to a file called dirsearch_result.txt while the scan is still running and printing to the terminal.

-u = url
-w = wordlist
-e = extensions (-e " " = no extension)
-r = recursive
-t = threads
-x = ignore error code
-f = force extensions (an issue for entries like cgi-bin)

Tool: wfuzz

Installation page: https://github.com/xmendez/wfuzz (requires python3)

Usage:

wfuzz -u http://10.10.10.10/FUZZ -w wordlist --hc 404 -c -t 100 -v

FUZZ marks the position (a parameter or a directory) that wfuzz replaces with each wordlist entry. The same mechanism can be used to bruteforce vulnerabilities such as SQL injection.

-u = url
-w = wordlist
--hc = hide error codes
-c = output with colors
-t = threads (10 default)
-v = verbose information
--hh = hide characters (test and try with different parameters for SQLi, for example: id, about, etc.)
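
On the server side, the runs above appear in access logs as one client requesting many distinct paths in a short window, most of them answered with 404 or 403. The following is an added example, not part of the original notes, that flags this pattern in common/combined-format access logs. The function name, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined access-log format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_enumeration(lines, window_s=10, min_paths=8, min_miss_ratio=0.8):
    """Map client IP -> (requests, distinct paths, miss ratio) for the largest
    window that looks like wordlist-driven enumeration. Thresholds are assumed."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the run
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip[m["ip"]].append((ts, m["path"].split("?")[0], int(m["status"])))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most window_s seconds.
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            win = events[start:end + 1]
            paths = {p for _, p, _ in win}
            ratio = sum(s in (403, 404) for _, _, s in win) / len(win)
            if len(paths) >= min_paths and ratio >= min_miss_ratio:
                if ip not in flagged or len(win) > flagged[ip][0]:
                    flagged[ip] = (len(win), len(paths), round(ratio, 2))
    return flagged

# Constructed sample: 192.0.2.50 walks a wordlist, 198.51.100.7 browses normally.
WORDS = ["admin", "backup", "cgi-bin", "config", "db",
         "images", "login", "old", "test", "uploads"]
SAMPLE = [
    f'192.0.2.50 - - [12/Mar/2024:10:00:{i // 5:02d} +0000] "GET /{w}.php HTTP/1.1" '
    f'{301 if w == "images" else 404} 153 "-" "-"'
    for i, w in enumerate(WORDS)
] + [
    f'198.51.100.7 - - [12/Mar/2024:10:0{i}:00 +0000] "GET {p} HTTP/1.1" {s} 512 "-" "Mozilla/5.0"'
    for i, (p, s) in enumerate([("/", 200), ("/about", 200),
                                ("/favicon.ico", 404), ("/contact", 200)])
]

if __name__ == "__main__":
    for ip, (n, paths, ratio) in find_enumeration(SAMPLE).items():
        print(f"{ip}: {n} requests, {paths} distinct paths, {ratio:.0%} 403/404")
```

The window and ratio thresholds need tuning against real traffic; a scan run with fewer threads or a delay spreads the same requests over a longer window.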