Directory Bruteforcing on Web Server

FFUF

FFUF is a fast web fuzzer that can be used for both content discovery and directory bruteforcing. It can discover hidden directories and files on a web server by fuzzing with a wordlist. You can find this tool on GitHub: FFUF

Here is the command for dir bruteforce using FFUF

ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u http://$target/FUZZ -e .php,.html,.txt -o ffuf-scan.txt

 

-w /usr/share/seclists/Discovery/Web-Content/common.txt specifies the wordlist file to be used for directory and file brute-forcing.

-u http://$target/FUZZ specifies the URL to scan, with FUZZ as a placeholder for the files/directories to test.

-e .php,.html,.txt specifies the file extensions to test.

-o ffuf-scan.txt specifies the output file to write the results to.

 

In this case, ffuf is being used to brute-force directories and files on the web server using the common wordlist file located at /usr/share/seclists/Discovery/Web-Content/common.txt. The output of the scan is saved to a file called ffuf-scan.txt.

Gobuster

Gobuster is another popular tool for brute-force directory and file discovery on web servers. It is an open-source tool that can be used to search for hidden files and directories on a website. You can find this tool on GitHub: gobuster

Here is the command for dir bruteforce using gobuster

gobuster dir -u http://$target -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt -o gobuster-scan.txt

The command “gobuster dir” is used for directory enumeration and is a part of the Gobuster tool. The options used in the command are:

 

 “-u” specifies the target URL to be scanned.  

 “-w” specifies the wordlist to be used for directory brute forcing. In this case, the medium directory wordlist from SecLists has been used.

 “-x” specifies the file extensions to be searched for. In this case, only “.php”, “.html”, and “.txt” extensions have been specified to be searched for.

 “-o” specifies the output file where the results of the scan will be saved. In this case, the results will be saved in the “gobuster-scan.txt” file.

 

This command will attempt to identify any available folders with the provided file extensions on the target web server by doing a recursive directory brute-force search. Any identified directories will be displayed in the command's output, along with each directory's HTTP response code.

Feroxbuster

Feroxbuster is a fast and simple web content scanner that can be used for directory bruteforcing. It uses a wordlist to discover hidden directories and files on a web server. You can find this tool on GitHub: feroxbuster

Here is the command for dir bruteforce using feroxbuster

feroxbuster -u https://$target -x html,php,aspx,json,zip,txt -o feroxbuster-scan.txt

 

-u https://$target: This flag specifies the URL of the target web server that needs to be scanned.

-x html,php,aspx,json,zip,txt: This flag specifies the extensions of the files to be scanned.

-o feroxbuster-scan.txt: This flag specifies the output file name where the results of the scan will be saved.

 

In this case, the command will search the specified target server for files with the extensions html, php, aspx, json, zip, and txt and store the results in a file called feroxbuster-scan.txt.

Dirsearch

The dirsearch tool is a Python-based web path scanner that uses a brute-force or dictionary attack to look for web directories and files. It is designed to make it easier for security researchers and penetration testers to locate hidden directories and files on web servers. It employs a variety of techniques to find directories and files on the target web server, including brute-forcing, dictionary attacks, and spidering. In the command below, the tool scans the target URL using a particular wordlist and extensions while excluding particular error codes. This utility is available on GitHub: dirsearch


Here is the dir bruteforce command using dirsearch.

dirsearch -u http://$target -e php,html,txt -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -x 403,404 -t 50 -b -o dirsearch-scan.txt

 

-u http://$target: This specifies the target URL to scan. $target is a variable that should be replaced with the actual target URL.

-e php,html,txt: This specifies the extensions of files to be searched for in the directories. In this case, it is set to php, html, and txt.

-w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt: This sets the wordlist to be used for the directory brute-forcing. In this case, it is using the directory-list-2.3-small.txt wordlist located in /usr/share/seclists/Discovery/Web-Content/. This wordlist contains a smaller set of common web directories and files, which can help speed up the scanning process.

-x 403,404: This specifies the status codes to exclude from the results. In this case, it is excluding 403 and 404 errors.

-t 50: This sets the number of threads to be used in the scanning process. In this case, it is set to 50.

-b: This enables brute-forcing mode. This means that it will try to find any existing directories or files by brute-force.

-o dirsearch-scan.txt: This specifies the name of the output file to which the scan results will be saved.

 

Bash Script For Dir Bruteforce

One of the most crucial duties for a penetration tester or security researcher is identifying vulnerable endpoints on a web server, and a variety of tools are frequently used for this. One approach is to brute force directories on a web server using a bash script that combines several tools. So, here is my script, which uses several of them to detect directories on websites.

You can simply copy this script, paste it into your editor of choice (for example Mousepad), and save it as a file with the .sh extension, for instance solorec.sh. Then grant the file execute permission.

example: chmod +x solorec.sh

Now run the script using

./solorec.sh <target domain>

Example : ./solorec.sh hackerone.com

#!/bin/bash
# Usage: ./solorec.sh <target domain>

target=$1

# Stop early if no target was given, instead of scanning an empty host
if [ -z "$target" ]; then
    echo "Usage: $0 <target domain>" >&2
    exit 1
fi

echo ' ____        _          ____           
/ ___|  ___ | |    ___ |  _ \ ___  ___ 
\___ \ / _ \| |   / _ \| |_) / _ \/ __|
 ___) | (_) | |__| (_) |  _ <  __/ (__ 
|____/ \___/|_____\___/|_| \_\___|\___|
        Created by Mrsolo'

echo "[*] Starting directory search for $target"
echo "[*] Created By MrSoLo"

# Create a scan folder for the target (-p: no error if it already exists)
scan_folder="$target"
echo "[*] Creating scan folder $scan_folder"
mkdir -p -- "$scan_folder"
# Abort if the folder cannot be entered, so results are not written elsewhere
cd -- "$scan_folder" || exit 1

# Use gobuster for directory scanning
echo "[+] Running gobuster"
gobuster dir -u "http://$target" -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt -o gobuster-scan.txt

# Use ffuf for directory scanning
echo "[+] Running ffuf"
ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u "http://$target/FUZZ" -e .php,.html,.txt -o ffuf-scan.txt

# Use dirsearch for directory scanning
echo "[+] Running dirsearch"
python3 /opt/dirsearch/dirsearch.py -u "http://$target" -e php,html,txt -w /usr/share/seclists/Discovery/Web-Content/common.txt -x 403,404 -t 50 -b -o dirsearch-scan.txt

# Use feroxbuster for directory scanning
echo "[+] Running feroxbuster"
feroxbuster -u "https://$target" -x html,php,aspx,json,zip,txt -o feroxbuster-scan.txt

echo "[+] Done!"

 

Let me tell you how this script works

This is a bash script designed for directory scanning of a target website. The script automates the use of several popular tools for directory enumeration and saves the results in a separate folder for each target.

The script works as follows:

It takes a target domain as an argument.

It creates a directory with the name of the target to store the results of the scan.

It then runs the following tools for directory scanning:

  • gobuster

  • ffuf

  • dirsearch

  • feroxbuster

Each tool saves its results in a separate text file with the name of the tool and “-scan.txt” appended to it.

The script ends with a message stating that the scan is complete.

The script uses the following commands and tools:

echo: used to display messages and output

mkdir: used to create a directory for the target

cd: used to change the current working directory to the scan folder for the target

gobuster: a command-line tool used to brute-force website directories and files

ffuf: a fast web fuzzer used for directory and file enumeration

dirsearch: a web path scanner that searches for directories and files in websites

feroxbuster: a tool used for fast web directory and file enumeration

The script is helpful for automating the directory scanning procedure for a specific website and saves time over running each tool individually.
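Seen from the web server's side, each of the scans above shows up as one client requesting many paths that do not exist within a short time. The following is an added example, not part of the original script: a shell function that flags such clients in a combined-format access log. The log lines, IP addresses, function names and thresholds are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag clients whose traffic looks like wordlist-driven
# directory brute forcing (many 404s across many distinct paths).
# Thresholds and sample log lines are constructed for illustration.

# detect_dir_bruteforce LOGFILE [MIN_404] [MIN_RATIO_PCT]
# Prints "IP requests not_found distinct_paths" for each flagged client.
detect_dir_bruteforce() {
    awk -v min_404="${2:-20}" -v min_ratio="${3:-80}" '
        # Combined log format: $1 = client IP, $7 = path, $9 = status
        $9 ~ /^[0-9][0-9][0-9]$/ {
            total[$1]++
            if ($9 == 404) missed[$1]++
            if (!(($1, $7) in seen)) { seen[$1, $7] = 1; paths[$1]++ }
        }
        END {
            for (ip in total) {
                m = missed[ip] + 0
                # Flag on volume AND ratio so one broken link is not enough
                if (m >= min_404 && m * 100 >= min_ratio * total[ip])
                    print ip, total[ip], m, paths[ip]
            }
        }
    ' "$1" | sort
}

# Constructed sample log: one noisy client and one ordinary visitor.
make_sample_log() {
    : > "$1"
    for word in admin backup config login test uploads; do
        for ext in "" .php .html .txt; do
            status=404
            if [ "$word$ext" = "login.php" ]; then status=200; fi
            printf '203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "GET /%s HTTP/1.1" %s 153 "-" "-"\n' \
                "$word$ext" "$status" >> "$1"
        done
    done
    for uri in / /index.html /about.html /favicon.ico; do
        status=200
        if [ "$uri" = "/favicon.ico" ]; then status=404; fi
        printf '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET %s HTTP/1.1" %s 512 "-" "Mozilla/5.0"\n' \
            "$uri" "$status" >> "$1"
    done
}

sample=$(mktemp)
make_sample_log "$sample"
detect_dir_bruteforce "$sample"    # -> 203.0.113.10 24 23 24
rm -f "$sample"
```

Tune the two thresholds against normal traffic before alerting on them; the same per-client counts can drive rate limiting at the web server or a WAF.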


"Please get in touch with me if you have any questions or need assistance. I'm always happy to help out however I can. Thank you for utilising my script and reading the blog. I hope this will be beneficial for you, and happy hunting!"


Manan Sapariya 'Ethical Hacker | Security Researcher | Bug bounty hunter.

mannsapariya004@gmail.com