com.sittinglittleduck.DirBuster.Help.Basic.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of dirbuster Show documentation
Show all versions of dirbuster Show documentation
DirBuster is a multi threaded java application designed to brute force directories and
files names on web/application servers. Often is the case now of what looks
like a web server in a state of default installation is actually not, and has pages and applications
hidden within. DirBuster attempts to find these.
The newest version!
Basic Useage Information
To start DirBuster the following steps need to be undertaken:
- Enter the target host as a full URL. eg http://www.target.com/
- Select the if you wish to wish DirBuster to use only GET requests, or to auto switch between HEAD/GET
- If the web server does not support head requests, then select GET only
- In auto mode DirBuster will attempt to establish if the server supports HEAD requests, only if it does will DirBuster use HEAD requests
- Select the number of threads required for testing. 10 threads will normally result in ~300 requests/sec. However at 200+ threads ~6000 requests/sec can be obtained, use this speed with caution!
- Select if you wish to use list based file and dir guessing or a pure brute force.
- If list based testing is selected enter list you wish to use via the Browse button
- If pure brute force, select the char set you wish to use, and enter both min and max length of the generated string
- Select the method of testing Standard or URL Fuzz
- If standard testing selected, choose if you wish to test for directoies and/or files, the start point, and names of any file extentions you wish to use.
- If fuzz based testing is selected, enter the URL, and subsiute the point of fuzz with {fuzz}
- All should be good, so hit the start button