Friday, 11 November 2016

Using DirBuster to find files and Folders in a Website

While pentesting a website we want to go through all of its pages so that the most obvious vulnerabilities are not left behind for someone else to report before us and take the credit. Going through every page by hand and then testing each one is tedious and often unrewarding, which is demotivating, and we all know that persistence comes first while hacking. So, to stay motivated and hand this boring task of browsing the pages over to a tool, we use DirBuster.


DirBuster uses brute force to discover the files and folders present on a web server: it takes each entry of a wordlist, requests it as a path on the target site and records the response. The wordlist can be downloaded from HERE, or you can use a custom wordlist containing words such as:
phpmyadmin
login
admin
robots.txt
info

or any other word that a URL may contain.


Steps to Find :

Step 1 : Open a Terminal in Kali.
Step 2 : Type dirbuster and press Enter.

Step 3 : A window will open showing the DirBuster GUI.

Step 4 : Put the website to be tested in Target URL (eg http://example.com:80/).
Step 5 : Choose your wordlist in the field labelled File with list of dirs/files.
Step 6 : Select URL Fuzz (instead of Standard start point).
Step 7 : Put {dir} in the URL at the position where each word from the list should be substituted.
Step 8 : Finally press the Start button, the one with the play sign on it, in the bottom right corner of the window.

All the found files and directories will be listed in the Results tab together with their response codes.

Note : Only the dirs/files returned with response code 200 are confirmed to be present on the web server. A 403 (forbidden) or a 301/302 redirect usually means the path exists as well but is access-controlled or is a directory, so those entries are worth reviewing rather than discarding.
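A wordlist scan like the one described above leaves a very recognisable footprint in the web server's access log: one client sending a burst of requests in which almost every response is a 404. The following Python script is an added example for the defender's side of this tutorial; it is not part of the original post and is not DirBuster's own code. It parses lines in the Apache/Nginx "combined" log format, interprets the response codes the way the note above does (200 confirmed, 401/403 and redirects as "exists but restricted", 404 absent), and flags any client whose request burst inside a sliding time window is dominated by 404s. The log lines, IP addresses and the small wordlist are constructed for the example; the thresholds are assumptions to tune for your own traffic.

```python
"""Flag directory brute-force activity in web server access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "combined" log format:
# ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return ip, ts (datetime), method, path, status (int) and agent, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec.pop("time"), TIME_FMT)
    rec["status"] = int(rec["status"])
    return rec


def classify_status(status):
    """Map a response code to what it says about the requested path."""
    if status == 200:
        return "present"
    if status in (401, 403):
        return "present-restricted"  # exists, but access-controlled: not the same as absent
    if 300 <= status < 400:
        return "redirect"  # typically a directory (e.g. /admin -> /admin/)
    if status == 404:
        return "absent"
    return "other"


def detect_bruteforce(lines, window_seconds=60, min_requests=20, min_absent_ratio=0.8):
    """Return {ip: summary} for clients that sent >= min_requests inside any
    window_seconds window with at least min_absent_ratio of them answered 404.
    The thresholds are assumptions; tune them to the site's normal traffic."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        window = deque()
        for rec in recs:
            window.append(rec)
            # Drop requests that fell out of the sliding window.
            while (rec["ts"] - window[0]["ts"]).total_seconds() > window_seconds:
                window.popleft()
            absent = sum(1 for r in window if r["status"] == 404)
            if len(window) >= min_requests and absent / len(window) >= min_absent_ratio:
                # Summarise the whole session of this client, not just the window:
                # the non-404 paths are exactly what the scanner "found".
                found = sorted({r["path"] for r in recs if classify_status(r["status"]) != "absent"})
                flagged[ip] = {
                    "requests": len(recs),
                    "absent": sum(1 for r in recs if r["status"] == 404),
                    "found_paths": found,
                }
                break
    return flagged


def _log_line(ip, second, path, status, agent="Mozilla/5.0 (constructed)"):
    """Build one constructed combined-format line, all on 11/Nov/2016 10:00:SS."""
    return (f'{ip} - - [11/Nov/2016:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{agent}"')


# Constructed sample data: a 25-word list scanned one request per second from
# a TEST-NET address, four of which exist, plus a normal visitor for contrast.
WORDLIST = ["phpmyadmin", "login", "admin", "robots.txt", "info", "backup", "test",
            "old", "dev", "config", "uploads", "images", "css", "js", "api", "tmp",
            "private", "secret", "db", "logs", "cgi-bin", "wp-admin", "portal",
            "manager", "console"]
HITS = {"login": 200, "admin": 301, "robots.txt": 200, "private": 403}
SCANNER = "203.0.113.5"   # constructed (TEST-NET-3)
VISITOR = "198.51.100.7"  # constructed (TEST-NET-2)

SAMPLE_LOG = [_log_line(SCANNER, i, "/" + w, HITS.get(w, 404)) for i, w in enumerate(WORDLIST)]
SAMPLE_LOG += [_log_line(VISITOR, 5, "/", 200),
               _log_line(VISITOR, 9, "/login", 200),
               _log_line(VISITOR, 30, "/typo", 404)]

if __name__ == "__main__":
    for ip, summary in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {summary['requests']} requests, {summary['absent']} x 404, "
              f"found {summary['found_paths']}")
```

The ratio-plus-rate rule is deliberately independent of the User-Agent header: a scanner's default User-Agent may identify it, but that string is trivially changed, whereas the volume of 404s is inherent to wordlist scanning. The same `found_paths` output that the scanner would celebrate is, for the defender, the list of paths to review for exposure or to move behind authentication.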

So, this was an introductory tutorial on DirBuster. Success here depends on where you place {dir} and on the wordlist you choose. Hope you find it helpful and find all the directories and files of the website you are concerned with. Comment below with any feedback, or if you are having any difficulties following the steps.

Thanks for Reading
Happy Hacking !!
