Ech0's Blog

Ech0 - 00 / 00 / 00

CheatSheet - Dirbusting

Description:



Dirbusting comes into play onto webservers (port 80 by default) using directory wordlists. While it can be considered as vital onto low-security websites, it is usually rendered useless if the webserver can automatically blacklists your ip after too many requests. The best case scenario for dirbusting, is when the webserver has a good bandwidth, and is running http. In most cases, targeted websites have HTTPS enabled, which renders the dirbusting process extremely slow. The worst case scenario is obviously the webserver being able to blacklist your ip after too many attempts.

The classic : dirb 



→ dirb https://ech1.netlify.com/

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Tue Jan 28 10:41:27 2020
URL_BASE: https://ech1.netlify.com/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612

---- Scanning URL: https://ech1.netlify.com/ ----
+ https://ech1.netlify.com/about (CODE:200|SIZE:11840)
+ https://ech1.netlify.com/About (CODE:301|SIZE:11840)
+ https://ech1.netlify.com/blog (CODE:200|SIZE:5274)
+ https://ech1.netlify.com/Blog (CODE:301|SIZE:5274)
^C> Testing: https://ech1.netlify.com/broadband

Multi-threaded : Dirsearch



Dirsearch is by far my favorite method to enumerate directories on a webserver, the number one reason being it's sheer speed, due to the multi-threading flag we can specify. 

  → dirsearch -u https://ech1.netlify.com/  -x 403,302 -e txt,html,php,js -t 50

   _|. _ _  _  _  _ _|_    v0.3.9
  (_||| _) (/_(_|| (_| )

  Extensions: txt, html, php, js | HTTP method: get | Threads: 50 | Wordlist size: 7126

  Error Log: /home/ech0/.dirsearch/logs/errors-20-01-28_10-45-51.log

  Target: https://ech1.netlify.com/

  [10:45:51] Starting:
  [10:45:52] 301 -   12KB - /%3f/  ->  /
  [10:45:58] 200 -   12KB - /about
  [10:45:59] 200 -   12KB - /about.html
  [10:46:07] 301 -    5KB - /Blog  ->  /blog
  [10:46:07] 200 -    5KB - /blog
  [10:46:09] 200 -    4KB - /contact
  [10:46:13] 301 -   12KB - /Index  ->  /
  [10:46:13] 301 -   12KB - /index  ->  /
  [10:46:14] 200 -   12KB - /index.html
  [10:46:14] 301 -   12KB - /index.htm  ->  /
  [10:46:14] 200 -  162B  - /index2.php
  [10:46:20] 200 -  160B  - /readme.md
  [10:46:20] 200 -  160B  - /README.md

  Task Completed

3



4