Directory Enumeration
Gobuster
Gobuster is a command-line tool for directory and file brute-forcing on web servers. It helps discover hidden paths and files by trying different combinations. Security testers utilize Gobuster to identify potential entry points and sensitive files on web applications during penetration testing.
Gobuster Usage Examples
Here are various ways to use Gobuster for directory enumeration:
Basic Directory Enumeration:
Enumerate directories using a common wordlist (
common.txt):Custom Wordlist and Extension:
Use a custom wordlist (
custom.txt) and specify file extensions to search for (php,html):Recursive Directory Enumeration:
Enable recursive mode to explore subdirectories (
-rflag):Directory Enumeration with URL Path:
Enumerate directories starting from a specific URL path (
/subdir/):HTTP Methods and Insecure Types:
Specify HTTP methods and check for specific HTTP status codes (
-s 200,204):Using Different HTTP Methods:
Use different HTTP methods (
GET,POST) during directory enumeration (-Xflag):URL Path Prefix:
Add a URL path prefix (
/app/) to each request:Ignoring Response Length:
Ignore response length to quickly identify existing paths (
-zflag):
These examples demonstrate how Gobuster can be configured for different scenarios in web application penetration testing to discover hidden directories and files. Adjust parameters based on specific testing requirements and site structure.
Hacker's Mantra:With the rise of technology came a new term: hackers.
Last updated
Was this helpful?