How do you find all hidden files and folders of web applications?

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response.

DIRB comes with a set of preconfigured attack wordlists for easy usage, but you can also use your own custom wordlists. DIRB can sometimes be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.

DIRB’s main purpose is to help in professional web application auditing, especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search for vulnerabilities, nor does it look for web content that can be vulnerable.

How dirb works:

Dirb has a built-in wordlist that by default contains around 4000 words for brute-force attacks. Many more up-to-date wordlists are available on the web and can be used as well. Dirb requests each word in its wordlist against every directory or object of a server or website. What it finds may be an administrative panel or a subdirectory that is vulnerable to attack. The most important thing is to discover these objects, since they are hidden.

How to install dirb?

Step 1: Update the repository
sudo apt update

Step 2: Install DIRB
sudo apt install dirb

How to use dirb?

Normal Scan
dirb URL

Find files with a given extension
dirb URL -X file-type

Use wordlist
dirb URL wordlist

Save output in a file
dirb URL -o file-name

Display file
cat file-name

Ignore an unnecessary status code
Here I am ignoring the NOT FOUND status code
dirb URL -N status-code

Don’t stop on WARNING messages
dirb URL -w

Don’t search recursively
dirb URL -r
