In the reconnaissance stage of every web application pentest, it is essential to find possible directories on the application. These directories might hold significant information and findings that would help you greatly to find vulnerabilities in the application and improve its security.
Luckily, there are tools on the internet that make directory brute-forcing easier, automated, and faster. Here are five directory-bursting tools on Linux to enumerate hidden directories on a web application.

What Is Directory Bursting?
Directory bursting, also known as “directory brute forcing”, is a technique used in ethical hacking to discover hidden directories and files on a web server or application. It involves systematically attempting to access different directories by guessing their names or enumerating through a list of common directories and file names.
The process of directory bursting typically involves using automated tools or scripts that send HTTP requests to a web server, trying different directories and file names to find resources that are not explicitly linked or advertised on the website’s navigation or sitemap.
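Because the tools work through a wordlist, a scan leaves a recognizable trace in the server's access log: one client requesting many distinct paths, most of which return 404. The following detection sketch is an added example, not part of the original article; the log lines are constructed, and the thresholds (`min_paths`, `min_404_ratio`) are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Common Log Format: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_dir_bruteforce(lines, min_paths=5, min_404_ratio=0.8):
    """Return {ip: (distinct_paths, ratio_404)} for clients that look like wordlist scans."""
    paths = defaultdict(set)
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        paths[ip].add(path.split("?", 1)[0])  # ignore query strings
        total[ip] += 1
        if status == 404:
            misses[ip] += 1
    flagged = {}
    for ip, count in total.items():
        ratio = misses[ip] / count
        # Many distinct paths AND mostly misses: a single broken link does not trigger.
        if len(paths[ip]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = (len(paths[ip]), round(ratio, 2))
    return flagged

def _line(ip, sec, path, status):
    return f'{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 153'

# Constructed sample: one scanner-like client and one ordinary visitor.
SCAN = [("/admin", 404), ("/backup", 404), ("/.git", 404),
        ("/config", 404), ("/test", 404), ("/login", 200)]
VISIT = [("/", 200), ("/index.html", 200), ("/about", 200), ("/missing", 404)]
SAMPLE_LOG = (
    [_line("203.0.113.7", i, p, s) for i, (p, s) in enumerate(SCAN)]
    + [_line("198.51.100.20", i + 10, p, s) for i, (p, s) in enumerate(VISIT)]
)

if __name__ == "__main__":
    for ip, (n, ratio) in find_dir_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct paths, {ratio:.0%} returned 404")
```
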

There are hundreds of free tools available on the internet to carry out directory bursting. Here are some free tools you can use in your next penetration test:
1. DIRB
DIRB is a popular Linux command-line tool used to scan and bruteforce directories on web applications. It enumerates possible directories from a wordlist against a website URL.

DIRB comes installed already on Kali Linux. However, if you do not have it installed, there’s nothing to worry about. You just need a simple command to install it.
For Debian-based distributions, run:
For non-Debian Linux distributions like Fedora and CentOS, execute:
On Arch Linux, run:
How to Use DIRB to Bruteforce Directories
The syntax for performing directory brute forcing on a web application is:
For instance, if you were to bruteforce https://example.com, this would be the command:

You can also run the command without specifying a wordlist. DIRB would use its default wordlist file, common.txt, to scan the website.
2. DirBuster
DirBuster is very similar to DIRB. The major difference is that DirBuster has a graphical user interface (GUI), unlike DIRB, which is a command-line tool. DIRB allows you to configure the directory bruteforce scans to your taste and filter the results by status code and other interesting parameters.
You can also set the number of threads determining the speed at which you want the scans to run, and the specific file extensions you want the application to search for you.
All you need to do is enter the target URL you want to scan, the wordlist you want to use, the file extensions, and the number of threads (optional), then click Start.
As the scan progresses, DirBuster will display the discovered directories and files in the interface. You can see the status of each request (e.g., 200 OK, 404 Not Found) and the path of the discovered items. You can also save the scan results to a file for further analysis. This would help document your findings.
DirBuster comes installed on Kali Linux, but you can easily install DirBuster on Ubuntu.
3. Gobuster
Gobuster is a command-line tool written in Go used to bruteforce directories and files in websites, open Amazon S3 buckets, DNS subdomains, virtual host names on target web servers, TFTP servers, etc.
To install Gobuster on Debian distributions of Linux like Kali, run:
For the RHEL family of Linux distributions, run:
Alternatively, if you have Go installed, run:
How to Use Gobuster
The syntax for using Gobuster to bruteforce directories in web applications is:
For example, if you want to bruteforce directories on https://example.com, the command would look like this:
4. ffuf
ffuf is a very fast web fuzzer and directory brute-forcing tool written in Go. It is very versatile and particularly known for its speed and ease of use.
Since ffuf is written in Go, you need to have Go 1.16 or greater installed on your Linux PC. Check your Go version with this command:
To install ffuf, run this command:
Or you may clone the GitHub repository and compile it using this command:
How to Use ffuf to Bruteforce Directories
The basic syntax for directory brute forcing with ffuf is:
For example, to scan https://example.com, the command would be:
5. dirsearch
dirsearch is another brute-forcing command-line tool used to enumerate directories on a web application. It is particularly liked because of its colorful output despite being a terminal-based application.
You can install dirsearch via pip by running:
Or, you can clone the GitHub repository by running:
How to Use dirsearch to Bruteforce Directories
The basic syntax for using dirsearch to bruteforce directories is:
To bruteforce directories on https://example.com, all you need to do is:
Use Tools to Automate Your Tasks in Cybersecurity
There is no doubt that these tools will save you a lot of time you would have spent manually trying to guess these directories. In cybersecurity, time is a great asset, which is why every professional takes advantage of open-source tools to optimize their daily processes.
There are thousands of free tools, especially on Linux, to make your work more efficient. All you need to do is explore and choose what works for you!