Automated Directory Enumeration
Wordlists
If you choose to use SecLists' raft-medium-words wordlist, then keep in mind that you will not find /cgi-bin/
, it will only find /cgi-bin
(without the slash). You can add the slash using the --add-slash
flag, but then it won't find it without the slash.
It seems like no single wordlist is good enough... For thatreason, I've combined multiple wordlists into one massive wordlist. They're available at:
I recommend running 2 separate dirbusts:
Dirbust for files using the
combined_words.txt
wordlist and specifying all important extensions.Dirbust for directories using the
combined_directories.txt
wordlist.
This can be run automatically with AutoRecon, for example.
Gobuster
Files search:
Flags:
--discover-backup
: Upon finding a file, search for backup files-u
: URL-w
: wordlist-x
: list of file extensions
Note: If you specify -x, then don’t worry, it also includes files without file extension
wfuzz
Brute force directories/files using wfuzz
https://hydrasky.com/network-security/wfuzz-bruteforcing-web-applications/
Flags:
-s
: Time delay (in seconds)--hh
: Filter out character length--hc
: Filter out status codes-R10
: Sets recursion with a depth of 10Be wary of HTTP Forbidden headers
Last updated