In previous posts we learned about Nmap and how to find ports on a network or system. Now we need to hunt for open directories to find an admin panel or sub-directories.
DIRB is a very popular web content scanner written in C that can be used to brute-force open directories. The drawback of DIRB is that it is generally slow and does not support multi-threading, but it is a great way to find existing and hidden directories or sub-directories.
DIRB comes built into Kali Linux and is very simple to use: just open a terminal window and type the following command to scan our website https://www.kalilinux.in :
The screenshot follows:
There are many other options in DIRB, and using them makes DIRB more handy:
- -a : specify your user agent.
- -c : specify a cookie for HTTP request.
- -f : fine tuning of NOT_FOUND (404) detection.
- -H : enter a custom header to HTTP request.
- -x : to specify the file extension.
- -o : save output to disk.
- -t : don’t force an ending ‘/’ on URLs.
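
Because DIRB requests every entry of a wordlist, a scan appears in the target's access log as one client asking for many distinct paths, most of which return 404. The following added example (not part of the original post; the log lines are constructed, and the function name and thresholds are assumptions) flags such clients and lists the paths they did find.

```python
import re
from collections import defaultdict

# Combined/common log format: client IP, request path and status are all we need.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def _line(ip, sec, path, status):
    # Helper that builds one constructed log line.
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "Mozilla/5.0"')

# Constructed sample: one client walking a wordlist, one ordinary visitor.
SCAN_WORDS = ["admin", "backup", "config", "old", "test", "tmp", "private"]
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", i, f"/{w}/", 404) for i, w in enumerate(SCAN_WORDS)]
    + [_line("203.0.113.7", 8, "/uploads/", 200)]
    + [_line("198.51.100.20", 10 + i, p, s) for i, (p, s) in enumerate(
        [("/", 200), ("/index.html", 200), ("/about/", 200),
         ("/css/site.css", 200), ("/favicon.ico", 404)])]
)

def find_content_scanners(log_text, min_paths=5, min_404_ratio=0.8):
    """Flag clients that request many distinct paths, most of which do not exist."""
    seen, missing = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        seen[m["ip"]].add(path)
        if m["status"] == "404":
            missing[m["ip"]].add(path)
    flagged = {}
    for ip, paths in seen.items():
        ratio = len(missing[ip]) / len(paths)
        # The User-Agent is deliberately ignored: DIRB's -a option lets it be anything.
        if len(paths) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_paths": len(paths),
                           "not_found": len(missing[ip]),
                           "found": sorted(paths - missing[ip])}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_content_scanners(SAMPLE_LOG).items():
        print(ip, stats)
```

The `found` list is the part to review first: it shows which directories the scan actually located on the server.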