How to — Directory Enumeration

Sabyasachi Paul - h0tPlug1n
3 min read · Sep 21, 2022

Directory Enumeration is an important skill every penetration tester and hacker should have in their skill pouch. It is a technique for finding directories that may exist on a web server by brute-forcing requests from a wordlist of common directory names. Let’s see it in action and understand what it means and how it is done.

We will be using three tools: Gobuster, Dirb and Dirbuster, each with its own advantages and disadvantages.

Step 1: Open a Kali terminal and install Gobuster by typing sudo apt install gobuster. After it is installed, fire up Gobuster by typing gobuster -h to see its options.

For demo purposes, I’m using testphp.vulnweb.com by Acunetix, which is an intentionally vulnerable website developed for testing purposes.

In the terminal, type gobuster dir -u http://testphp.vulnweb.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt. You will see the directories present on the web server.

If you visit the site with one of those directories appended to the URL, you will see the content listing within that directory.

If you want to list files with certain extensions, such as .txt, .css or .js, you can use the -x flag.

This will list only those files having the extensions given in the -x flag.

Dirb

Now let’s see how to enumerate directories using Dirb. For that, type in the terminal dirb http://testphp.vulnweb.com /usr/share/wordlists/dirb/common.txt. You will see the enumerated directories.

Dirbuster

Now we’ll use Dirbuster, a GUI version of dirb, to enumerate the directories.

Go to the Application icon -> Web Application Analysis -> Web crawlers and Directory Bruteforce -> Dirbuster

Now enter the target information and the wordlist file step by step, as shown in the image below.

After the information has been filled in, click the Start button to start the attack. The window will look like this.

Let’s switch to List view and Tree view to view the results.

List view of the enumerated directories

The above image shows the list view of the directories that have been found on the web server. We can right-click on a file of interest to get several options, such as Open in Browser.

Let’s explore the tree view.

Tree view of the enumerated directories

As in the list view, we can right-click to get several options, such as View Response, which shows us the HTTP response from the website.
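From the defender’s side, all three tools leave the same footprint in the web server’s access log: one client requesting many distinct paths in a short time, most of them answered with 404. Below is an added example, not part of the original post, that parses combined-format access-log lines (constructed sample data, including the user-agent string) and flags clients that hit at least five distinct non-existent paths within a ten-second window; the threshold and window are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the combined log format; not captured from a real server.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Sep/2022:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Sep/2022:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Sep/2022:10:00:01 +0000] "GET /admin HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:01 +0000] "GET /backup HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:02 +0000] "GET /images HTTP/1.1" 301 0 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:03 +0000] "GET /test HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:03 +0000] "GET /tmp HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
10.0.0.9 - - [21/Sep/2022:10:00:04 +0000] "GET /uploads HTTP/1.1" 404 209 "-" "gobuster/3.1.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return (ip, timestamp, path, status, user_agent), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"]), m["ua"]

def find_bruteforcers(log_text, threshold=5, window=timedelta(seconds=10)):
    """Flag clients that request >= threshold distinct missing paths inside one window.
    Returns {ip: most distinct 404 paths seen in any single window} for flagged clients."""
    misses = defaultdict(list)  # ip -> [(timestamp, path), ...] for 404 responses only
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()  # chronological; sliding window starts at each miss in turn
        best = 0
        for i, (start, _) in enumerate(events):
            paths = {p for t, p in events[i:] if t - start <= window}
            best = max(best, len(paths))
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

A single 404 from 10.0.0.5 (a browser asking for favicon.ico) stays below the threshold, while 10.0.0.9 is flagged with six distinct missing paths in four seconds; the 301 for /images is exactly the kind of hit the tools above report, which is why a low-and-slow scan needs a longer window to catch.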

These were three easy and widely used methods of enumerating directories on a vulnerable web application. This is all for today. See you at the next one :)
