In this recipe, we will learn to use the DirBuster tool. The DirBuster tool looks for hidden directories and files on the web server. Sometimes, developers will leave a page accessible but unlinked; DirBuster is meant to find these files, which might have potential vulnerabilities. This is a Java-based application developed by awesome contributors at OWASP.
http://demo.testfire.net is used for the purpose of demonstration, as shown in the following screenshot:
Browse to /usr/share/dirbuster/wordlists and select directory_list_medium.txt, as shown in the following screenshot:
Enter php (based on the technology used by the target) in the file extension column, as shown in the following screenshot:
The /pr/docs.xml file seems to be a standalone file sitting on the server that isn't mentioned in the sitemap or the robots.txt file. Right-click on that entry and select Open In Browser, as shown in the following screenshot:
In this recipe, we have used DirBuster to locate hidden directories and files available on the web server. DirBuster ships with a dictionary file of the most common web server directory and file names; it reads each value from the dictionary and makes a request to the web server to check whether that path exists. If the server returns an HTTP 200 status code, the directory exists; if the server returns an HTTP 404 status code, the directory does not exist. However, it is important to note that HTTP status codes of 401 and 403 may also point to a file or directory being present, but not allowed to be opened unless authenticated.
At the same time, a few applications which have been architected well also return 200 OK for unknown files and folders, just to mess with tools such as DirBuster. Therefore, it is important to understand how the application behaves, and to tune your scan policies and configurations accordingly.
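The following script is an added example written for this recipe; it is not DirBuster's own code and not from OWASP. It reproduces the behaviour described above (read a wordlist, request each name with and without each configured extension, interpret 200/401/403/404), and goes one step further by handling the "200 OK for everything" case: before the scan it requests a random path that cannot be in any wordlist, and if the server still answers 200 it remembers that body so identical catch-all pages can be marked as soft 404s rather than findings. The host `example.invalid`, the in-memory `FAKE_SITE` and `CATCHALL_BODY` are constructed test fixtures, and `urllib_fetch` is an assumed helper for use against a server you are authorized to test.

```python
"""Wordlist-driven content discovery in the style of DirBuster (added example)."""
import hashlib
import random
import string
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# A fetcher takes a URL and returns (status_code, body). Injecting it keeps the
# scan logic testable offline against a fake server.
Fetch = Callable[[str], Tuple[int, bytes]]

# Status-code interpretation as described in the recipe.
EXISTS = {200}
EXISTS_BUT_RESTRICTED = {401, 403}  # present, but needs authentication/authorization
MISSING = {404}


def classify(status: int) -> str:
    """Map an HTTP status code to the recipe's interpretation."""
    if status in EXISTS:
        return "exists"
    if status in EXISTS_BUT_RESTRICTED:
        return "exists-restricted"
    if status in MISSING:
        return "missing"
    return "other"


def urllib_fetch(url: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Assumed real-world fetcher: returns status and body, never raises on HTTP errors."""
    req = urllib.request.Request(url, headers={"User-Agent": "dirbuster-style-example"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def soft404_baseline(fetch: Fetch, base: str) -> Optional[str]:
    """Request a random path no wordlist contains. If the server still says 200,
    return a hash of that body so identical catch-all pages can be filtered later."""
    junk = "".join(random.choices(string.ascii_lowercase, k=24))
    status, body = fetch(f"{base}/{junk}")
    if status == 200:
        return hashlib.sha256(body).hexdigest()
    return None


def probe(fetch: Fetch, base: str, words: List[str], exts: List[str]) -> Dict[str, str]:
    """Try every wordlist entry as a bare name and with each extension.
    Returns {path: verdict} for every path that is not a plain 404."""
    baseline = soft404_baseline(fetch, base)
    results: Dict[str, str] = {}
    for word in words:
        candidates = [word] + [f"{word}.{ext}" for ext in exts]
        for path in candidates:
            status, body = fetch(f"{base}/{path}")
            verdict = classify(status)
            # A 200 whose body matches the catch-all page is not a real finding.
            if verdict == "exists" and baseline and hashlib.sha256(body).hexdigest() == baseline:
                verdict = "soft-404"
            if verdict != "missing":
                results[path] = verdict
    return results


# --- Constructed fixtures: two fake servers, so the logic runs offline ---------
BASE = "http://example.invalid"
FAKE_SITE = {
    "admin": (403, b"forbidden"),
    "docs.xml": (200, b"<docs/>"),
    "login.php": (200, b"<form>login</form>"),
}
CATCHALL_BODY = b"<html>welcome, whatever you asked for</html>"


def strict_fake_fetch(url: str) -> Tuple[int, bytes]:
    """Well-behaved server: unknown paths get a 404."""
    return FAKE_SITE.get(url[len(BASE) + 1:], (404, b"not found"))


def catchall_fake_fetch(url: str) -> Tuple[int, bytes]:
    """Server that answers 200 OK with the same page for every unknown path."""
    return FAKE_SITE.get(url[len(BASE) + 1:], (200, CATCHALL_BODY))


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Run the same wordlist against both fake servers."""
    words = ["admin", "docs", "login", "backup"]
    exts = ["php", "xml"]
    return probe(strict_fake_fetch, BASE, words, exts), probe(catchall_fake_fetch, BASE, words, exts)


if __name__ == "__main__":
    strict, catchall = demo()
    print("strict server:", strict)
    print("catch-all server:", catchall)
```

Against the strict server only the three real paths are reported; against the catch-all server every candidate comes back 200, but the baseline comparison labels the nine fake hits as soft-404 while the genuine `docs.xml` and `login.php` bodies still stand out as real.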
This way, we were able to locate certain files and folders which were not linked within the application but were available on the web server.