Spider tool to scan websites for hidden pages/directories.
OSCP: Officially allowed during the exam according to the OSCP Exam Guide
Scan website for hidden pages
💡 Word list should be updated to add the current year.
nano /usr/share/dirb/wordlists/common.txt
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024Use a proxy
- Options -> Advanced Options
- Http Options tab.
- Check the ‘Run Through a Proxy’ checkbox and set the ‘Host’ to localhost and the ‘Port’ to 8118.
- Click on OK, then run DirBuster as normal.
Search for directories listed in common.txt on website URL
URL=x.x.x.x/mutillidae
WL=/usr/share/dirb/wordlists/common.txt
EXT=".asp,.aspx,.bat,.c,.cfm,.cgi,.com,.dll,.exe,.htm,.html,.inc,.jhtml,.jsa,.jsp,.log,.mdb,.nsf,.php,.phtml,.pl,.reg,.sh,.shtml,.sql,.txt,.xml,/"
dirbuster -u $URL -l $WL -e $EXTFind web backup files
URL=x.x.x.x/mutillidae
WL=/usr/share/dirb/wordlists/common.txt
EXT="~,copy.asp,.1,.~1~,.zip,.tar.gz,.sql,.old,.bak,.txt"
dirbuster -u $URL -l $WL -e $EXT