Day 18, Web Reconnaissance Or Information Gathering — Part 3#100DaysofHacking

Directory Brute-Forcing

Directory Brute-Forcing is a technique of finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contains very sensitive information like admin panels, password files, outdated functionalities , database copies etc.

Dirbuster

Dirbuster is another gui based tool , simply enter dirbuster in terminal and hit enter then after that enter the url and select the path of wordlist as shown in fig or you can your own also if you want, but in this you should compulsory give the file extension, so here I have given .php. Then after that just click on attack and side by side check your terminal you’ll get the name of files and directories whatever this tool has found.

Gobuster

Gobuster is another tool which can be used to find the same.

Task to do:

Now for you to perform testing , you can do on this domain: scanme.nmap.org

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ayush Verma

Ayush Verma

Hello eveyone , this is Ayush from India and I'm pursuing engineering in computer science and working towards my cybersecurity journey .