Directory & File Enumeration

See the Web Hacking Techniques page for techniques beyond basic enumeration.

Methodology

Directory Enumeration (fuzzing) vs Directory Spidering

There are two basic methods. The first is to take a wordlist of common directory and file names, ideally tailored to the target and its technology stack (see SecLists), and brute-force the domain with tools like gobuster, dirb, DirBuster, Nikto, wfuzz, or Burp. This finds paths that nothing links to, but only the ones that appear in the wordlist.

The second is to spider/crawl the site, following links and letting Burp build a site map of the linked pages. Spidering only finds what is linked, but it is the better choice when we want to record the files we can see after logging in and then check whether each of them is still accessible after logging off.

Server-side scripts such as PHP, ASP.NET and JSP pages may not render correctly without the parameters they expect. Test them with different parameter combinations to see whether authorization is broken for these files.

Directory Enumeration with Params:

A note on 302s

Often a request for a file returns a 302 redirect instead of the content. If these response codes show up in the enumeration results, do not discard them: build a second list from the paths that returned 302 and fuzz that list with parameter name/value combinations. Below, adding a parameter to the same unauthenticated request turns the 302 into a viewable 200 page.

302: the unauthenticated request without a parameter (screenshot not included)

200: the same request with a parameter added (screenshot not included)
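As an added example (not code from the original page), the two-pass enumeration described above, followed by the crawl-then-replay check from the spidering section, run against a constructed in-process target. The target app, its paths (/dashboard, /admin/report.php, /export.php), the session cookie value and the short wordlist are all assumptions invented for the demo; to use it for real, point `base` at a host you are authorized to test and replace the wordlist with one from SecLists.

```python
import re
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SESSION = "session=deadbeef"  # constructed cookie; sending it means "logged in"


class FakeApp(BaseHTTPRequestHandler):
    """Constructed target; on /admin/report.php a ?id= param substitutes for a session."""
    def log_message(self, *args):  # silence per-request logging
        pass

    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        qs = urllib.parse.parse_qs(url.query)
        authed = self.headers.get("Cookie") == SESSION
        if url.path == "/":
            self._send(200, '<a href="/dashboard">Dashboard</a>')
        elif url.path == "/dashboard" and authed:
            self._send(200, '<a href="/admin/report.php?id=7">Report</a>'
                            '<a href="/export.php">Export</a>')
        elif url.path == "/admin/report.php" and (authed or "id" in qs):
            self._send(200, "report " + qs.get("id", ["?"])[0])  # the flaw
        elif url.path == "/export.php" and authed:
            self._send(200, "csv")
        elif url.path in ("/dashboard", "/admin/report.php", "/export.php"):
            self._send(302, "", location="/login")  # no session: bounce
        else:
            self._send(404, "not found")

    def _send(self, code, body, location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.end_headers()
        self.wfile.write(body.encode())


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 302 itself instead of following it


OPENER = urllib.request.build_opener(NoRedirect)


def get(base, path, cookie=None):
    """Return (status, body); 3xx/4xx come back as codes, not exceptions."""
    req = urllib.request.Request(base + path, headers={"Cookie": cookie} if cookie else {})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def enumerate_paths(base, wordlist):
    """First pass: request each wordlist entry unauthenticated, keep the code."""
    return {path: get(base, path)[0] for path in wordlist}


def fuzz_params(base, paths, names, values):
    """Second pass over the 302 list: retry with name=value combos, keep 200s."""
    hits = {}
    for path in paths:
        for name in names:
            for value in values:
                if get(base, f"{path}?{name}={value}")[0] == 200:
                    hits.setdefault(path, []).append(f"{name}={value}")
    return hits


def crawl(base, cookie, start="/"):
    """Spider the site as a logged-in user, following same-site href links."""
    seen, todo = set(), [start]
    while todo:
        path = todo.pop()
        if path not in seen:
            seen.add(path)
            code, body = get(base, path, cookie)
            if code == 200:
                todo += [h for h in re.findall(r'href="([^"]+)"', body) if h.startswith("/")]
    return sorted(seen)


def replay_unauthenticated(base, paths):
    """Re-request crawled URLs with no cookie; 200 means reachable after logoff."""
    return [path for path in paths if get(base, path)[0] == 200]


def demo():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), FakeApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    try:
        first = enumerate_paths(base, ["/admin/report.php", "/export.php", "/backup.zip"])
        redirected = [p for p, code in first.items() if code == 302]
        hits = fuzz_params(base, redirected, ["id", "page"], ["1", "0"])
        crawled = crawl(base, SESSION)
        leaked = replay_unauthenticated(base, crawled)
        return first, hits, crawled, leaked
    finally:
        srv.shutdown()
        srv.server_close()
```

Both methods converge on the same finding: the wordlist pass sees /admin/report.php answer 302, the parameter pass turns it into a 200 with id=, and the authenticated crawl picks up the linked /admin/report.php?id=7, which still answers 200 when replayed without the cookie, while /dashboard and /export.php correctly drop back to 302. The crawler here only follows absolute-path href links and ignores forms and JavaScript; Burp's crawler covers far more, and gobuster or wfuzz will do the first pass much faster, so the part worth keeping is the second pass over the 302 list.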
