However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time.
DirBuster currently comes built into the Kali Linux OS which also includes a few different wordlists to use and try and brute force and sniff out files and directories. I have been using this tool for quite some time now for file discovery and content within a webspace. Provided this webspace is owned and autorization is given from the owner.
I have had a few clients ( wont give out names ) who have had shells injected and then websites defaced or just left alone. The porblem with shells is where you find one you may find more. If you suspect a shell is somewhere on your space then using DirBuster to check through all directories and files will something be much faster depending on how much content you have in your /www/ folde if thats where its located.
One site had a c99 shell in a easy to find location ( /www//cgi-bin/c99) we were able to find this without the scanner but then upon running the scan they were able to impliment more shells within more folders. I think we were able to detect 4 shells loaded which we assume were from the same attacker. We were able to remove them and then able to fix the vulnerability and have seen no more attacks be successful.
How to use DirBuster
*ALWAYS USE A VPN*
Boot up your kali box and open up terminal and type "dirbuster" without the quotes.
You will then see dirbuster open up.
![[Image: ycX9k16A_t.png]](https://thumbs2.imgbox.com/8c/ed/ycX9k16A_t.png)
The target URL is going to be the website you want to scan.
The number of threads will determine the speed of the scan but also can cause the site toblock the scan if the hosting is setup for ddos protection etc. So that may take some testing to try and get the fastest possible scan.
Leave list based brute force ticked and then using the browsebutton browse to your word list. default list is ( /usr/share/dirbuster/wordlist)
![[Image: UIyUZScC_t.png]](https://thumbs2.imgbox.com/24/25/UIyUZScC_t.png)
leaving everything else default you can hit start. Ehat this will do is start scanning the website directories and files for the words in your wordlist. If you are scanning a fikle for a known word but that word is not in your list then it most likelywont find it but it possibly can list it.
Once it starts scanning it will take you to a results page in which you can watch the scan or go to the folders/tree area and see the break down of the scan.
The scan willtake sometime to complete so let it run and go get some coffee.
This will not give you any more information then simply the files and folders name and location inside a web directory. The wordlist that is used can also through a lot of falsepositives if the server is redirecting that directory while it is being scanned. If you are scanning a website with cpanel/whm you will see a lot of webmail/mail folders if the client host has email list enabled even if they are not being used so they will show up in the scan even if they are physically not in the directory.
This is a good method of scanning if you are using some of the default directoriesand folders that come preinstalled with some web templates or platforms.
As always, if you use this on a site that is not your own or permission then i take no responsibility to what happens. I know this is a simple scan but still an invasion if not your own property.
Let me know if you find anything that you did not know what on your web directory when you perform your scan!