DirBuster is a multi-threaded, Java-based application designed to brute-force directory and file names on web/application servers. During web application pentesting, finding the files and folders is always quite tough work. Nowadays we often don't see the default installation files/directories that were common in the old days, and finding the sensitive pages really gets challenging. In such cases, DirBuster helps in finding those unknown and sensitive file names and directories. This can prove to be great information to start with in a real web
In action with
Now I will be showing you how easy it is to use DirBuster to find those sensitive directories and files on web servers. Here, for demo purposes, I will be using Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10.
Once you start DirBuster it will appear as shown in the
Now browse and select the directory brute-force list from the DirBuster folder (example: directory-list-1.0.txt) as
Now press the Start button and you will see DirBuster begin brute-forcing the file names and directories on the web server, as shown below. In the black window you can see all the file names and directories discovered by DirBuster.
One of the discovered files, '../passwords/accounts.txt', looks interesting. On opening it you will see that it contains the passwords for web server accounts.
Finding those hidden files and directories on the web server is a tedious task for anyone involved in web application pentesting. DirBuster makes that task much simpler and faster with its easy-to-use
Even web server owners can easily use this tool to find and remove any sensitive files/directories from their web servers, taking it one step further in securing their servers.
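The flip side of the post is what a web server owner sees in the access log while a wordlist scan like the one above runs: a burst of 404s from one client, plus the handful of paths that did not 404, which are exactly the files the owner should review or remove. The following detector is an added example written for this page; it is not part of the original post or of the DirBuster project. It parses constructed Apache/nginx combined-format log lines (the IPs, timestamps, paths and user-agent string are all made up here), flags any client whose 404 count inside a sliding window exceeds a threshold, and reports the paths that returned 2xx to that client. The regex, window size and threshold are this example's own choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format. The regex and thresholds are this example's own.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def max_in_window(timestamps, window_seconds):
    """Largest number of (sorted) timestamps that fall inside any window_seconds span."""
    best = start = 0
    for end, ts in enumerate(timestamps):
        while (ts - timestamps[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_dir_bruteforce(lines, window_seconds=60, min_404s=10):
    """Flag client IPs whose burst of 404s looks like a wordlist scan.

    Returns one dict per flagged IP: the peak 404 count in the window, the number of
    distinct missing paths probed, the user agents seen, and the paths that did NOT 404
    (the scanner's 'hits', which an owner should review first).
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in per_ip.items():
        misses = sorted((r for r in recs if r["status"] == 404), key=lambda r: r["ts"])
        peak = max_in_window([r["ts"] for r in misses], window_seconds)
        if peak < min_404s:
            continue  # a few stray 404s (favicon, broken links) are normal traffic
        findings.append({
            "ip": ip,
            "max_404s_in_window": peak,
            "distinct_missing_paths": len({r["path"] for r in misses}),
            "user_agents": sorted({r["ua"] for r in recs}),
            "found_paths": sorted({r["path"] for r in recs if 200 <= r["status"] < 300}),
        })
    return findings


# Constructed sample log (not from the original post): a normal browsing session from
# 10.0.0.5 with one stray 404, and a wordlist scan from 203.0.113.9 in which every probe
# misses except /passwords/accounts.txt.
SCAN_PATHS = [
    "/admin", "/backup", "/config", "/passwords", "/passwords/accounts.txt", "/test",
    "/old", "/tmp", "/logs", "/private", "/db", "/secret",
]


def build_sample_log():
    lines = [
        '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
        '10.0.0.5 - - [10/Oct/2023:13:55:50 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    ]
    for i, path in enumerate(SCAN_PATHS):
        status = 200 if path == "/passwords/accounts.txt" else 404
        lines.append(
            f'203.0.113.9 - - [10/Oct/2023:13:56:{i:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 213 "-" "scanner-ua (constructed)"'
        )
    return lines


if __name__ == "__main__":
    for finding in detect_dir_bruteforce(build_sample_log()):
        print(finding)
```

The detector keys on the 404 burst rather than on the User-Agent header, because that header is chosen by the client and is trivially changed; the user agents are only reported as context. Run against the sample it flags 203.0.113.9 with 11 misses in the window and a single hit, /passwords/accounts.txt, which is the same kind of result the DirBuster run above turned up from the other side. Tune `window_seconds` and `min_404s` to your site's normal 404 rate before relying on it.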