Discovering hidden files/directories using DirBuster
In this recipe, we will learn to use the DirBuster tool. DirBuster looks for hidden directories and files on a web server. Sometimes, developers will leave a page accessible but unlinked; DirBuster is meant to find these files, which might have potential vulnerabilities. It is a Java-based application developed by awesome contributors at OWASP.
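Seen from the server side, list-based guessing of directory and file names leaves a recognizable trace in the access log: one client requesting many distinct paths, most of which return 404. The following detection sketch is an added example, not part of the original recipe; it assumes Combined Log Format, and the log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: client, timestamp, request line, status code
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, min_requests=8, min_404_ratio=0.8):
    """Flag clients whose traffic looks like wordlist-driven path guessing:
    enough requests, and most of them distinct paths answered with 404."""
    seen = defaultdict(lambda: {"total": 0, "not_found": set(), "hits": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        path = m["path"].split("?", 1)[0]  # ignore query strings
        rec = seen[m["ip"]]
        rec["total"] += 1
        if m["status"] == "404":
            rec["not_found"].add(path)
        elif m["status"] in ("200", "301", "302", "401", "403"):
            rec["hits"].add(path)  # the path exists: review it
    flagged = {}
    for ip, rec in seen.items():
        distinct_404 = len(rec["not_found"])
        if rec["total"] >= min_requests and distinct_404 / rec["total"] >= min_404_ratio:
            flagged[ip] = {"requests": rec["total"], "distinct_404": distinct_404,
                           "paths_found": sorted(rec["hits"])}
    return flagged

def _line(ip, path, status):
    # Builds one constructed Combined Log Format entry
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one guessing client and one ordinary visitor
SAMPLE = (
    [_line("203.0.113.7", f"/{w}/", 404) for w in
     ("admin", "backup", "test", "old", "tmp", "dev", "private", "include", "cgi")]
    + [_line("203.0.113.7", "/old_login.php", 200)]
    + [_line("198.51.100.20", p, s) for p, s in
       (("/", 200), ("/index.php", 200), ("/favicon.ico", 404), ("/login.php", 200))]
)

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE).items():
        print(ip, info)
```

The `paths_found` list is the part to act on: those are the unlinked pages the guessing client actually reached.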
Getting ready
For this recipe, you will require an Internet connection.
How to do it...
- Launch DirBuster from Kali Linux | Web Application Analysis | Web Crawlers and Directory Brute | Dirbuster, as shown in the following screenshot:
- Open DirBuster and enter your target URL; in our case, we will enter http://demo.testfire.net for the purpose of demonstration, as shown in the following screenshot:
- Select list based brute force. Browse and navigate to /usr/share/dirbuster/wordlists and select directory_list_medium.txt, as shown in the following screenshot:
- Click on Select List and enter php (based...