Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
This is a multi-threaded Java application that performs brute force over directories and file names on web/application servers. The brute force approach by the tool shows all the hidden files and directories on web/application servers as well.
Teaching Assistant Vikramajeet Khatri and Tahir Ibrahim
(Disclaimer: Breaking Stuff with Robert is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Robert' episode. However, you can still earn a certificate of completion for each episode completed.)
Using the DirBuster Application
The DirBuster tool is a multi-threaded java application that is used to perform brute force over directories and file names on web and application servers. DirBuster attempts to find hidden directories and pages within a web application, providing users with an additional attack vector. This is the primary function of the application; it won’t exploit anything that it finds.
DirBuster works by identifying content within the application or on the web server that isn’t required. It helps developers to build secure applications by helping them understand that not linking to a page doesn’t mean that the page can’t be accessed.
Why Use the DirBuster Application?
There are many features and benefits that make learning how to use the DirBuster tool worthwhile. It’s a powerful scanning tool that can be used by developers and pen-testers alike. The DirBuster tool is a graphical user interface (GUI) application that includes the following features:
- It works over http and https
- It scans for both files and directories
- It scans recursively into the directories it identifies, providing more in-depth searches
- It can be started on any directory
- It’s able to perform brute force or a list-based scan
The DirBuster is able to perform brute force scans at super high speeds and the GUI is easy to use. It comes with its own collection of wordlists to use in different situations, but it also allows the users to make their own wordlists allowing them to brute force specific targets.
Tools like DirBuster are only as effective as the directory and file list they contain. That’s why DirBuster generated its lists by searching the Internet and gathering the directories and files that are actually used by developers. There is a total of 9 different lists. That makes DirBuster very effective at finding any hidden files and directories.
If you want to find out more about how to use the DirBuster scanning tool, please check out our How to Use DirBuster tutorial. In the tutorial, you will learn the basics of DirBuster use quickly, so you can add the tool to your penetration testing toolbox right away. To enroll in the tutorial just click on the Register button at the top right corner of this screen.