Directory Brute Forcing

gobuster

Directory :

gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt -o output-file-result.txt

Wordlists :

https://www.assetnote.io/
git clone https://github.com/danielmiessler/SecLists.git
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
/usr/share/wordlists/amass/subdomains-top1mil-5000.txt

Vhost

gobuster vhost -u http://example.com -w <wordlist> -t <threads>

gobuster vhost -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt -u stocker.htb -t 50 --append-domain

Subdomain

gobuster dns -d <target domain> -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt
gobuster dns -d <target domain> -r <DNS server IP> -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt 
gobuster dns -d <target domain> -k -w /usr/share/wordlists/amass/subdomains-top1mil-5000.txt

  • -k : enable HTTPS support

  • -r : using a specific DNS like 1.1.1.1

feroxbuster (almost same like gobuster)

feroxbuster -u  http://example.com/ -w /usr/share/wordlists/dirb/common.txt -t 100 -o file-result.txt
feroxbuster -u target.com -w subdomains.txt -D

  • -u target.com specifies the target domain.

  • -w subdomains.txt specifies the wordlist containing potential subdomains.

  • -D enables DNS resolution to verify the existence of subdomains.

ffuf

ffuf -w subdomains.txt -u http://target.com/FUZZ -recursion -recursion-depth 3

ffuf -w usernames.txt -u http://target.com/login -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=test" -mr "username already exist!" -fc 302

wfuzz

wfuzz -w subdomains.txt -H "Host: FUZZ.target.com" --hw 0 http://target.com/

wfuzz -w usernames.txt -d "username=FUZZ&password=test" --hc 302 http://target.com/login

dirb

dirb https://target.com -w wordlist.txt (leave blank for common.txt)
dirb https://target.com -N .php,.html
dirb http://target.com/ -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

dirsearch

dirsearch -u google.com
dirsearch -u http://target.com/ -e php,txt,pdf
dirsearch -u http://target.com/ -r
dirsearch -u http://target.com/ -t 50 -b 200

-t : limit how many threads

-b: delay between request

PreviousJavascript HuntingNextFile Upload Tricks

Last updated

Was this helpful?