casual/Casual_blog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8948aa7d02
Casual_blog/content/hacking/HowTo_dirb.md
casual 924200ca57 new post
2024-11-27 00:13:09 +03:00

56 lines
2.1 KiB
Markdown
Raw Blame History

+++
title = 'HowTo dirbust'
date = 2024-12-04
image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images'
+++
![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images)
<!-- TODO check later if image still available. Also maybe host them here?! Need to add all of them to sources, buh -->
## Tools
We have 2 good options:
### [ffuf](https://github.com/ffuf/ffuf)
`ffuf -r -sf -ac -w ./wordlist.txt -u http://scanme.sh/FUZZ `
pros:
- have great `-ac` which automatically filters potential false-positives
- `-sf` stop when > 95% of responses return 403 Forbidden
- `-enc` can encode wordlist with URL/base64 encoder
- you can specify multiple wordlists
- `-mode` can specify multiple wordlists and multiple FUZZ words (like in burp suite)
- you can specify rate limit
- more matching options
- have recursive scan
- better UI (+ have some interactive mode)
cons:
- you need to hack your way around to get it working as Go library
- you muist specify `FUZZ` in url
### [gobuster](https://github.com/OJ/gobuster)
`gobuster dir -r -k -w ./wordlist.txt -u "http://scanme.sh/" --exclude-length 2 `
`gobuster fuzz -r -k -w ./wordlist.txt -u "http://scanme.sh/FUZZ" --exclude-length 2 `
pros:
- for some of my tests it made less false-positives
- I've made GoLang lib - [gobuster-lib](/hacking/howto_dirb_golang_library/)
- have options to find backup files (`.bak`,`.1`...)
- can randomize user-agent
cons:
- annoying false-positive - don't automatically set `--exclude-length` if got 404 page with HTTP response 200 (try scan http://scanme.sh/)
- you can't specify rate limit, but you can specify threads (1 thread roughly 6-8pps)
## Wordlists
Rockyou for web dirs - [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll)
[Wordlists post](/hacking/listof_wordlists/)
Reference in New Issue View Git Blame Copy Permalink