
DirBuster

Phase(s):

Primary: Mapping.
Secondary: N/A.

Description:

Tool that helps identify directory and file names on web applications through brute force.

Objective:

  • Identify directory and file names on web applications that could contain sensitive information and compromise the application's security.

Features:

Supported technologies: Web applications (HTTP/HTTPS) and web servers.

Operating mode: Active.

  • Returns directory and file names discovered through brute-force requests.

Reports:

Output reports:

  • Report containing the directory and file names found by the tool; the results can be exported in the following formats: TXT, XML and CSV.

Basic usage:

Configure the target URL. The address of the application or server should be written including the port, e.g. http://127.0.0.1:8080

Select scanning type: choose the type of scan you want to perform, list based brute force or pure brute force.

By selecting “List based brute force” the tool performs a scan based on a list of directory and file names; to choose the list file, press the Browse button and select it.

By selecting “Pure brute force” the tool performs a scan based on a set of characters, which you select in the Set char option.

Additionally, set the file extensions used by the application; by default it is set to php, but extensions such as jsp, asp, aspx and others can be chosen.

The following example uses this information:

  • IP: 192.168.10.130
  • Port: 80
  • Scanning based on list brute force
  • File extensions: PHP
  • Report generation in TXT format

Configuration example:

To begin the scan, press the Start button; a screen like the following will appear:

Once the scan is finished it is possible to generate reports in several formats; for this example the full text report is selected. To generate the report, press the "Generate Report" button.
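Seen from the server side, a list based scan like the one configured above is a burst of requests for wordlist-style paths from one client, most of them answered with 404. The following Python script is an added example, not part of this page or of DirBuster: it parses constructed Apache combined-format log lines and flags clients matching that pattern. The IP addresses, timestamps and User-Agent string in the sample are constructed, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Apache combined-format log: 192.168.10.130 walks a wordlist with the
# .php extension (list based brute force, mostly 404s); 10.0.0.5 is ordinary traffic.
SAMPLE_LOG = """\
192.168.10.130 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "DirBuster-1.0-RC1 (constructed sample)"
192.168.10.130 - - [10/Oct/2023:13:55:36 +0000] "GET /backup/ HTTP/1.1" 404 209 "-" "DirBuster-1.0-RC1 (constructed sample)"
192.168.10.130 - - [10/Oct/2023:13:55:37 +0000] "GET /config.php HTTP/1.1" 404 209 "-" "DirBuster-1.0-RC1 (constructed sample)"
192.168.10.130 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 1532 "-" "DirBuster-1.0-RC1 (constructed sample)"
192.168.10.130 - - [10/Oct/2023:13:55:38 +0000] "GET /test.php HTTP/1.1" 404 209 "-" "DirBuster-1.0-RC1 (constructed sample)"
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (constructed sample)"
10.0.0.5 - - [10/Oct/2023:13:56:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (constructed sample)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    rec["status"] = int(rec["status"])
    return rec

def detect_bruteforce(log_text, window_seconds=60, min_requests=20, min_404_ratio=0.8):
    """Flag clients whose busiest window holds >= min_requests with a high 404 share."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        times = sorted(r["time"] for r in recs)
        burst = j = 0
        for i in range(len(times)):  # two-pointer sliding window over sorted timestamps
            while times[i] - times[j] > window_seconds:
                j += 1
            burst = max(burst, i - j + 1)
        not_found = sum(r["status"] == 404 for r in recs)
        if burst >= min_requests and not_found / len(recs) >= min_404_ratio:
            flagged[ip] = {"requests": len(recs), "not_found": not_found, "burst": burst,
                           "distinct_paths": len({r["path"] for r in recs}),
                           # weak corroborating signal only: the User-Agent is trivially changed
                           "tool_ua": any("DirBuster" in r["ua"] for r in recs)}
    return flagged
```

With the small constructed sample, call `detect_bruteforce(SAMPLE_LOG, min_requests=5, min_404_ratio=0.7)`; on real logs keep the defaults higher so ordinary clients hitting a few broken links are not flagged.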

Resources:

Link: https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
Author(s): James Fisher
Contact: DirBuster [at] sittinglittleduck.com
License: GNU LGPL Version 3.0