Dirbusting

101

Fuzzing vs Dirbusting

Fuzzing is a broad testing method where many random or crafted inputs are sent to an application to find bugs or vulnerabilities.

Directory busting is a technique used to find hidden or unlinked directories and files on a web server by systematically guessing or trying many possible names. It is a specific type of fuzzing, focused on uncovering directories and files on a server.
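
Seen from the server side, this systematic guessing shows up in the access log as one client collecting many 404 responses for distinct paths in a short time. The detector below is an added example, not part of the original page; it flags that pattern in common/combined log format lines, and its function name, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def detect_dirbusting(lines, window=timedelta(seconds=60), min_misses=5, min_ratio=0.8):
    """Return {ip: distinct missed paths} for clients whose traffic looks like name guessing."""
    misses = defaultdict(list)  # ip -> [(timestamp, path)] for 404 responses
    totals = defaultdict(int)   # ip -> number of parsed requests
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, path, status = m.groups()
        totals[ip] += 1
        if status == "404":
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            misses[ip].append((when, path.split("?", 1)[0]))  # ignore query strings
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            paths = {p for _, p in events[start:end + 1]}
            if len(paths) > len(best):
                best = paths
        # Flag only clients with many distinct misses AND mostly-404 traffic.
        if len(best) >= min_misses and len(events) / totals[ip] >= min_ratio:
            flagged[ip] = sorted(best)
    return flagged

# Constructed sample: 192.0.2.10 guesses names, 198.51.100.7 browses normally.
_NAMES = ["admin", "backup", "old", "test", "dev", "login.php"]
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/Mar/2025:12:00:{i:02d} +0000] "GET /{n} HTTP/1.1" 404 153'
    for i, n in enumerate(_NAMES)
] + [
    '198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Mar/2025:12:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153',
    '198.51.100.7 - - [10/Mar/2025:12:00:09 +0000] "GET /blog HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    print(detect_dirbusting(SAMPLE_LOG))
```

The 404-ratio check keeps an ordinary visitor with one broken link out of the results; tune the window and thresholds against your own baseline traffic.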

Subdomain vs Vhost

A subdomain is like an extension of your main website address. For example, if your main website is example.com, a subdomain could be blog.example.com or shop.example.com. It’s part of the internet’s addressing system called DNS, which works like a phonebook that tells computers where to find websites. Creating a subdomain lets you organize different parts of your website or even run separate sites under the same main domain name.

A Virtual Host (vhost) is a set of instructions on a web server that tells it how to handle requests for different domain names or subdomains. Imagine a web server as a building that hosts many websites at once. The virtual host settings act like room assignments, so when someone visits blog.example.com, the server knows exactly which website files to show for that address. This way, one server can manage many websites or subdomains without mixing them up.

Subdomains and vhosts work together: the former points users to your server, and the latter tells the server what to do with those requests.

.DS_Store

The .DS_Store file is a hidden metadata file that macOS automatically creates in every folder opened in Finder. It stores visual settings like icon layout, view preferences, and other folder display details.

The file is harmless and meaningless to the web server itself (for example, IIS on Windows), but it can leak valuable information. If a .DS_Store file is publicly accessible on a web server, it may contain references to files or subdirectories that aren’t directly linked or visible in the browser.

Tools like ds_walk.py can extract and reconstruct the folder structure that the .DS_Store file references:

./ds_walk.py -u http://compatibility

Tools

ffuf is a fast web fuzzer written in Go.

Directories:

ffuf -u http://example.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -ac -c -ic -recursion -recursion-depth 3

Files:

ffuf -u http://<target>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt -ic -c -ac -e .php,.txt,.aspx

Subdomains:

ffuf -u http://FUZZ.example.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -ac -c -ic

Vhosts:

ffuf -u http://site.com -w /usr/share/seclists/Discovery/DNS/namelist.txt -H "HOST: FUZZ.site.com" -ac -c -ic

Parameters:

ffuf -u https://streamio.htb/admin/?FUZZ=* -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt -ic -c -ac -k -H 'Cookie: PHPSESSID=l5l8ad3k06f2h9493eqgtn9ppb'

POST parameters:

ffuf -w <WORDLIST> -u <URL> -X POST -H 'Content-Type: application/json' -d '{"uid":"FUZZ"}'
