2.1 KiB
2.1 KiB
+++ title = 'HowTo dirbust' date = 2024-12-04 image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images' +++
Tools
We have 2 good options:
ffuf
ffuf -r -sf -ac -w ./wordlist.txt -u http://scanme.sh/FUZZ
pros:
- have great
-ac
which automatically filters potential false-positives -sf
stop when > 95% of responses return 403 Forbidden-enc
can encode wordlist with URL/base64 encoder- you can specify multiple wordlists
-mode
can specify multiple wordlists and multiple FUZZ words (like in burp suite)- you can specify rate limit
- more matching options
- have recursive scan
- better UI (+ have some interactive mode)
cons:
- you need to hack your way around to get it working as Go library
- you muist specify
FUZZ
in url
gobuster
gobuster dir -r -k -w ./wordlist.txt -u "http://scanme.sh/" --exclude-length 2
gobuster fuzz -r -k -w ./wordlist.txt -u "http://scanme.sh/FUZZ" --exclude-length 2
pros:
- for some of my tests it made less false-positives
- I've made GoLang lib - gobuster-lib
- have options to find backup files (
.bak
,.1
...) - can randomize user-agent
cons:
- annoying false-positive - don't automatically set
--exclude-length
if got 404 page with HTTP response 200 (try scan http://scanme.sh/) - you can't specify rate limit, but you can specify threads (1 thread roughly 6-8pps)
Wordlists
Rockyou for web dirs - six2dez/OneListForAll