From 924200ca579b8dad2f2ae2a6e285c9ed10bcc85b Mon Sep 17 00:00:00 2001
From: casual
Date: Wed, 27 Nov 2024 00:13:09 +0300
Subject: [PATCH] new post
---
 content/hacking/HowTo_dirb.md | 55 ++++++++++++++++++++
 content/hacking/HowTo_dirb_golang_library.md | 2 +-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 content/hacking/HowTo_dirb.md
diff --git a/content/hacking/HowTo_dirb.md b/content/hacking/HowTo_dirb.md
new file mode 100644
index 0000000..9267e15
--- /dev/null
+++ b/content/hacking/HowTo_dirb.md
@@ -0,0 +1,55 @@
++++
+title = 'HowTo dirbust'
+date = 2024-12-04
+image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images'
++++
+
+![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images)
+
+
+
+## Tools
+
+We have 2 good options:
+
+### [ffuf](https://github.com/ffuf/ffuf)
+
+`ffuf -r -sf -ac -w ./wordlist.txt -u http://scanme.sh/FUZZ `
+
+pros:
+ - have great `-ac` which automatically filters potential false-positives
+ - `-sf` stop when > 95% of responses return 403 Forbidden
+ - `-enc` can encode wordlist with URL/base64 encoder
+ - you can specify multiple wordlists
+ - `-mode` can specify multiple wordlists and multiple FUZZ words (like in burp suite)
+ - you can specify rate limit
+ - more matching options
+ - have recursive scan
+ - better UI (+ have some interactive mode)
+
+
+cons:
+ - you need to hack your way around to get it working as Go library
+ - you muist specify `FUZZ` in url
+
+### [gobuster](https://github.com/OJ/gobuster)
+
+`gobuster dir -r -k -w ./wordlist.txt -u "http://scanme.sh/" --exclude-length 2 `
+`gobuster fuzz -r -k -w ./wordlist.txt -u "http://scanme.sh/FUZZ" --exclude-length 2 `
+
+pros:
+ - for some of my tests it made less false-positives
+ - I've made GoLang lib - [gobuster-lib](/hacking/howto_dirb_golang_library/)
+ - have options to find backup files (`.bak`,`.1`...)
+ - can randomize user-agent
+
+cons:
+ - annoying false-positive - don't automatically set `--exclude-length` if got 404 page with HTTP response 200 (try scan http://scanme.sh/)
+ - you can't specify rate limit, but you can specify threads (1 thread roughly 6-8pps)
+
+## Wordlists
+
+Rockyou for web dirs - [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll)
+
+[Wordlists post](/hacking/listof_wordlists/)
+
diff --git a/content/hacking/HowTo_dirb_golang_library.md b/content/hacking/HowTo_dirb_golang_library.md
index 257bff7..339e29c 100644
--- a/content/hacking/HowTo_dirb_golang_library.md
+++ b/content/hacking/HowTo_dirb_golang_library.md
@@ -4,7 +4,7 @@ date = 2024-11-27
 +++
-Well, if you want to integrate dirbuster to your GoLang app, than you are in a troube since tools dont provided usage as library. You'll end up with 2 choices:
+Well, if you want to integrate dirbuster to your Go app, than you are in a troube since tools dont provided usage as library. You'll end up with 2 choices:
 - write own lib from scratch
 - hack around with known tools