# Directory & File Enumeration

{% hint style="success" %}
Follow the link for more [Web Hacking Techniques](/web-application-hacking/web-techniques.md) other than basic enumeration.
{% endhint %}

## Methodology

### Directory Enumeration (fuzzing) vs Directory Spidering

There are two basic methods we can use here. We can either take a list of common directories crafted for our target (see [SecLists](https://github.com/danielmiessler/SecLists)) and enumerate the domain with tools like [gobuster](/reconnaissance/web-server/directory-and-file-enumeration/enumeration/gobuster.md), [dirb](/reconnaissance/web-server/directory-and-file-enumeration/enumeration/dirb.md), dirbuster, [nikto](/reconnaissance/web-server/directory-and-file-enumeration/enumeration/nikto.md), wfuzz, and Burp.

Or we can [spider/crawl](/reconnaissance/web-server/directory-and-file-enumeration/crawling.md) the site, following links and using Burp to build a site scope of linked pages. This second method is better if we want to test files that are visible after a login and then check whether they are still accessible after logging out.

{% hint style="info" %}
Server-side scripting files (PHP, .NET, JSP) may not display correctly without parameters passed. Make sure to test them with different parameter combinations to see if authorization is broken for these files.
{% endhint %}

## Directory Enumeration with Params:

{% hint style="danger" %}
Note this for <mark style="color:red;">**302**</mark> responses
{% endhint %}

Often, requesting a file returns a 302 redirect to another page. If you see these response codes in your enumeration results, make a new list of those results and then try [fuzzing](/reconnaissance/web-server/directory-and-file-enumeration/fuzzing.md) that second list with parameter value combinations. Below we see that adding a parameter to the same unauthenticated request changes the 302 into a viewable 200 page.

### <mark style="color:red;">302</mark>:

![getPersonalData.php](/files/-MeS_wydjStajsgRWMDk)

### 200:

![getPersonalData.php?user=angela](/files/-MeSa-HnNjXQhGor7S-i)
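The defender-side counterpart to the procedure above, as an added example that is not part of the original page: a small Python detector run over constructed Apache-style access log lines that flags clients producing a burst of distinct 404/302 paths (directory enumeration) and, per client, scripts that answered 302 without a query string but 200 once one was added (the pattern shown in the screenshots). The log format, the one-minute window and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Simplified Combined Log Format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not real traffic): one client brute-forcing paths and then
# turning a 302 on getPersonalData.php into a 200 by adding ?user=..., one normal client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2021:12:00:01 +0000] "GET /admin/ HTTP/1.1" 404 196
203.0.113.7 - - [10/Jun/2021:12:00:01 +0000] "GET /backup/ HTTP/1.1" 404 196
203.0.113.7 - - [10/Jun/2021:12:00:02 +0000] "GET /config/ HTTP/1.1" 404 196
203.0.113.7 - - [10/Jun/2021:12:00:02 +0000] "GET /getPersonalData.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Jun/2021:12:00:03 +0000] "GET /uploads/ HTTP/1.1" 404 196
203.0.113.7 - - [10/Jun/2021:12:00:09 +0000] "GET /getPersonalData.php?user=angela HTTP/1.1" 200 1843
198.51.100.4 - - [10/Jun/2021:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.4 - - [10/Jun/2021:12:03:15 +0000] "GET /login.php HTTP/1.1" 200 2048
"""

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"], "status": int(m["status"])}

def detect_enumeration(lines, window=timedelta(seconds=60), min_hits=5, min_distinct=5):
    """IPs that produced >= min_hits 404/302 responses on >= min_distinct paths inside one window."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["status"] in (302, 404):
            by_ip[rec["ip"]].append(rec)
    flagged = set()
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):            # sliding time window over this client's misses
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            chunk = recs[start:end + 1]
            if len(chunk) >= min_hits and len({r["path"] for r in chunk}) >= min_distinct:
                flagged.add(ip)
                break
    return flagged

def detect_param_bypass(lines):
    """(ip, script) pairs where the bare script gave 302 and a later request with a query gave 200."""
    redirected, hits = set(), set()
    for rec in filter(None, map(parse_line, lines)):    # assumes chronological log order
        parts = urlsplit(rec["path"])
        key = (rec["ip"], parts.path)
        if rec["status"] == 302 and not parts.query:
            redirected.add(key)
        elif rec["status"] == 200 and parts.query and key in redirected:
            hits.add(key)
    return hits
```

Run both detectors over `SAMPLE_LOG.splitlines()`; only the enumerating client and the `getPersonalData.php` 302-to-200 transition are reported.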
