🎯 Directory Enumeration

Gobuster

Gobuster is a command-line tool for directory and file brute-forcing on web servers. It discovers hidden paths and files by requesting each entry of a wordlist against the target URL. Security testers use Gobuster to identify potential entry points and sensitive files on web applications during penetration testing.

Gobuster Usage Examples

Here are various ways to use Gobuster for directory enumeration:

  1. Basic Directory Enumeration:

    Enumerate directories using a common wordlist (common.txt):

    gobuster dir -u https://www.example.com -w common.txt
  2. Custom Wordlist and Extension:

    Use a custom wordlist (custom.txt) and specify file extensions to search for (php,html):

    gobuster dir -u https://www.example.com -w custom.txt -x php,html
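  3. Following Redirects:

    Follow HTTP redirects instead of reporting them (-r flag). In dir mode -r is --follow-redirect; Gobuster has no recursive option, so subdirectories are enumerated by running it again against each discovered path, as in example 4:

    gobuster dir -u https://www.example.com -w wordlist.txt -r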
  4. Directory Enumeration with URL Path:

    Enumerate directories starting from a specific URL path (/subdir/):

    gobuster dir -u https://www.example.com/subdir/ -w common.txt
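  5. Status Code Filtering:

    Report only responses with specific HTTP status codes (-s 200,204). Recent Gobuster 3.x releases set a default status-code blacklist of 404, which conflicts with -s, so clear it with -b "":

    gobuster dir -u https://www.example.com -w wordlist.txt -x php,html -s 200,204 -b ""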
  6. Using a Different HTTP Method:

    Send requests with an HTTP method other than the default GET (-m flag, one method per run):

    gobuster dir -u https://www.example.com -w wordlist.txt -x php -m POST
  7. URL Path Prefix:

    Gobuster has no path-prefix flag (-P is the Basic Auth password), so put the prefix (/app/) in the target URL:

    gobuster dir -u https://www.example.com/app/ -w wordlist.txt
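  8. Suppressing Progress Output:

    Turn off the progress display for cleaner output (-z flag). -z is --no-progress and does not affect response-length handling; filtering responses by body length is done with --exclude-length:

    gobuster dir -u https://www.example.com -w wordlist.txt -z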

These examples demonstrate how Gobuster can be configured for different scenarios in web application penetration testing to discover hidden directories and files. Adjust parameters based on specific testing requirements and site structure.
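
From the server side, runs like the ones above show up in access logs as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of the original page or of Gobuster: a small detector over Combined Log Format lines. The function name, thresholds and sample log lines are assumptions constructed for illustration, and the `gobuster/` User-Agent check only catches clients that leave the default value in place.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumeration(lines, min_requests=5, min_404_ratio=0.7):
    """Return {ip: stats} for clients whose traffic looks like wordlist enumeration."""
    paths = defaultdict(set)    # distinct paths requested per client
    misses = defaultdict(set)   # distinct paths that returned 404 per client
    agents = defaultdict(set)   # User-Agent strings seen per client
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue            # skip lines that are not in the expected format
        ip = m["ip"]
        paths[ip].add(m["path"])
        agents[ip].add(m["ua"])
        if m["status"] == "404":
            misses[ip].add(m["path"])
    flagged = {}
    for ip, seen in paths.items():
        ratio = len(misses[ip]) / len(seen)
        default_ua = any(ua.lower().startswith("gobuster/") for ua in agents[ip])
        # Hypothetical thresholds: enough distinct paths, and mostly misses or a default UA.
        if len(seen) >= min_requests and (ratio >= min_404_ratio or default_ua):
            flagged[ip] = {"paths": len(seen), "ratio_404": round(ratio, 2),
                           "default_ua": default_ua}
    return flagged

# Constructed sample log lines (documentation IP ranges), not real traffic.
WORDS = ["admin", "backup", "config", "login", "uploads", "test", "old", "dev"]
SAMPLE = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:0{i}] "GET /{w} HTTP/1.1" '
    f'{200 if w == "login" else 404} 153 "-" "gobuster/3.6"'
    for i, w in enumerate(WORDS)
] + [
    '203.0.113.9 - - [01/Jan/2024:10:00:01] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:03] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE).items():
        print(ip, stats)
```

The 404 ratio is the stronger signal, since the User-Agent is under the client's control; tune both thresholds against normal traffic for the site before alerting on them.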



