Dirbuster -- The Directory Buster

Dirbuster is a multi-threaded web application scanner written in Java. It comes pre-installed in Kali Linux. It is designed to find directories and file names in a web application by brute force.

Dirbuster is very similar to the DIRB tool, which we covered once. One advantage of Dirbuster is that it is multithreaded, so it can do more than one task at a time, which makes it faster than DIRB. We can say that Dirbuster is the GUI version of the DIRB tool.

First we can see the help options of the Dirbuster tool by running the following command in our terminal window:

dirbuster -h

The help options appear on our terminal, as shown in the following screenshot:

dirbuster help options

In the above screenshot we can see the help options of the Dirbuster tool. We can ignore these help options because we will get all of them in GUI mode. Let's start the GUI of Dirbuster and scan a website.

To do so we need to run the following command on our terminal:

dirbuster

Then the GUI of Dirbuster will open, as we can see in the following screenshot:

dirbuster GUI

Here we can see lots of options. In the first field we need to put the target website to scan. With the radio buttons below it we can choose the work method (HEAD and GET requests, or only GET requests). Then we can choose the number of threads. After that we get an option to specify our brute-forcing method: directory-based or pure brute force. To use directory-based brute force we need to specify a wordlist. Pure brute force does not need any kind of wordlist, but it is heavily time-consuming.

Enough talking, let's start the scan (please check the other options; this tool is quite easy to understand).

We added our target and wordlist before starting the scan. In our case it looks like the following screenshot:

dirbuster setting up

In the above screenshot we can see that we have set our target website (i.e. 127.14.0.1, which is our localhost). We set our wordlist, which is located at /usr/share/secclists/Discovery/Web-Content/directory-list-2.3.txt

Now we click on start and our scanning process will start as shown in the following screenshot:

dirbuster scanning on kali linux

During the scan or after the scan we can see the results. Results are shown in two different ways (List & Files View and Tree View). We can change the views from the upper tabs, shown in the following screenshots:

Dirbuster Results (List & Files View)

Dirbuster Results (Tree View)

In the above screenshots we can see that we found various directories inside the web application. This is a crucial information-gathering step for web penetration testing.
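Seen from the server being scanned, a wordlist-based run like the one above shows up in the access log as one client requesting many different paths in a short time and getting mostly 404 responses, often through HEAD requests. The following Python code is an added example (not part of the original article or of Dirbuster) that flags such clients in common/combined-format access logs; the function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined access-log line: ip - - [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, time, method, path, status), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"],
            m["path"], int(m["status"]))

def find_enumeration(lines, window_s=10, min_404=20, min_ratio=0.8):
    """Flag clients whose requests inside a sliding window are mostly 404s on
    distinct paths, which is what walking a wordlist looks like in the log."""
    recent = defaultdict(deque)   # ip -> (time, method, path, status) in window
    flagged = {}
    for ip, ts, method, path, status in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append((ts, method, path, status))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()               # drop requests older than the window
        misses = {p for _, _, p, s in q if s == 404}
        if len(misses) < min_404 or len(misses) / len(q) < min_ratio:
            continue
        if ip not in flagged or len(misses) > flagged[ip]["distinct_404"]:
            heads = sum(1 for _, meth, _, _ in q if meth == "HEAD")
            flagged[ip] = {"distinct_404": len(misses), "requests": len(q),
                           "head_share": round(heads / len(q), 2)}
    return flagged

def sample_log():
    """Constructed sample data: one scanning client and one ordinary visitor."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, off, method, path, status):
        ts = (base + timedelta(seconds=off)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 0 "-" "-"'
    rows = [row("192.0.2.10", i // 10, "HEAD", f"/word{i}/",
                200 if i % 20 == 0 else 404) for i in range(40)]
    visits = [("/", 200), ("/about", 200), ("/old-link", 404)]
    rows += [row("198.51.100.7", 3 * i, "GET", p, s)
             for i, (p, s) in enumerate(visits)]
    return rows

if __name__ == "__main__":
    for ip, info in find_enumeration(sample_log()).items():
        print(ip, info)
```

The thresholds need tuning against normal traffic for the site; a lower thread count in the scanner spreads the same requests over a longer time, so a longer window may be needed to catch slow runs.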

This is how we can use Dirbuster on our Kali Linux system. Dirbuster is a really fast brute-force scanner, which makes it very handy for cybersecurity experts during information gathering.
