+++
title = 'HowTo dirbust'
date = 2024-12-04
image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images'
+++
![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images)
<!-- TODO check later if image still available. Also maybe host them here?! Need to add all of them to sources, buh -->
## Tools
We have 2 good options:
### [ffuf](https://github.com/ffuf/ffuf)
`ffuf -r -sf -ac -w ./wordlist.txt -u http://scanme.sh/FUZZ`

pros:
- has the great `-ac` option, which automatically filters potential false positives
- `-sf` stops the scan when > 95% of responses return 403 Forbidden
- `-enc` can encode wordlist entries with a URL/base64 encoder
- you can specify multiple wordlists
- `-mode` lets you combine multiple wordlists and multiple FUZZ keywords (like in Burp Suite)
- you can specify a rate limit
- more matching options
- has recursive scanning
- better UI (plus an interactive mode)

cons:
- you need to hack your way around to get it working as a Go library
- you must specify `FUZZ` in the URL
### [gobuster](https://github.com/OJ/gobuster)
`gobuster dir -r -k -w ./wordlist.txt -u "http://scanme.sh/" --exclude-length 2`

`gobuster fuzz -r -k -w ./wordlist.txt -u "http://scanme.sh/FUZZ" --exclude-length 2`

pros:
- in some of my tests it produced fewer false positives
- I've made a GoLang lib - [gobuster-lib](/hacking/howto_dirb_golang_library/)
- has options to find backup files (`.bak`, `.1`...)
- can randomize the user-agent

cons:
- annoying false positives: it doesn't automatically set `--exclude-length` when the server returns its 404 page with an HTTP 200 response (try scanning http://scanme.sh/)
- you can't specify a rate limit, but you can specify threads (1 thread is roughly 6-8pps)
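
To see why a 404 page served with HTTP 200 floods the output, and what `-ac` and `--exclude-length` are filtering on, here is a simplified sketch of length-based calibration. It is an added example, not code from ffuf, gobuster or gobuster-lib; the `Response` type, the `Calibrate` and `Filter` functions and all sample values are constructed for illustration, and it makes no network requests.

```go
package main

import "fmt"

// Response holds the parts of an HTTP response a dirbuster compares.
type Response struct {
	Path   string
	Status int
	Length int // body length in bytes
}

// Calibrate takes responses to random paths that cannot exist and records
// which body lengths the server uses for "not found", keyed by status code.
func Calibrate(probes []Response) map[int]map[int]bool {
	baseline := map[int]map[int]bool{}
	for _, p := range probes {
		if baseline[p.Status] == nil {
			baseline[p.Status] = map[int]bool{}
		}
		baseline[p.Status][p.Length] = true
	}
	return baseline
}

// Filter drops real 404s and every result that has the same status and
// length as a calibration probe (the soft-404 page).
func Filter(results []Response, baseline map[int]map[int]bool) []Response {
	var hits []Response
	for _, r := range results {
		if r.Status == 404 || baseline[r.Status][r.Length] {
			continue
		}
		hits = append(hits, r)
	}
	return hits
}

func main() {
	// Constructed data: every unknown path answers 200 with a 2-byte body.
	probes := []Response{{"/x9f3kq", 200, 2}, {"/p0zz71", 200, 2}}
	results := []Response{
		{"/admin", 200, 2}, {"/login", 200, 1843},
		{"/backup", 403, 162}, {"/img", 200, 2},
	}
	for _, h := range Filter(results, Calibrate(probes)) {
		fmt.Println(h.Status, h.Length, h.Path)
	}
}
```

Without the baseline, `/admin` and `/img` would both be reported as found; a real page that happens to share the soft-404 length is hidden too, which is the trade-off of filtering on length alone.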
## Wordlists
Rockyou for web dirs - [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll)
[Wordlists post](/hacking/listof_wordlists/)