Performing directory enumeration
Sometimes, web administrators and IT professionals unintentionally expose sensitive and restricted directories and files on their web applications and servers on the internet. If a threat actor were to find confidential data within a hidden directory on a target’s web server, it can be leveraged to plan and perform future attacks on the target.
This section focuses on using various tools and techniques to discover hidden directories and files as an ethical hacker.
Using GoBuster to find hidden directories
GoBuster is a brute-force tool used to identify the sub-domains, directories, files, and hostnames of a target.
To get started with using GoBuster to find hidden directories and files of a domain, use the following instructions:
- Firstly, power on the Kali Linux virtual machine.
- Next, open the Terminal and use the following commands to update the software package repository list and install GoBuster:
kali@kali:~$ sudo apt...