DirBuster
DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers. It is now often the case that what looks like a web server in a default installation state actually is not, and has pages and applications hidden within. DirBuster attempts to find these.
Even if the concept of DirBuster isn't exactly new, there are a few features of the program that would make you choose it instead of coding a script/program to accomplish the same task. Among those features are the following:
- Multi-threaded (in tests up to 6000 requests/second)
- HTTPS support
- file busting support
- able to scan deeper in the directories it finds
- can also work in brute-force mode
- custom HTTP headers
- proxy support
- content analysis for cases where failed requests come back with a 200 response
- custom file extension
- performance settings can be modified while the program is running
- Basic, Digest and NTLM authentication support
- command line and GUI interface
Even if these details won't make you feel warm and fuzzy, the lists that come with it surely will.
For more info check out the project page on OWASP here.
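From the defender's side, the request volume and the 200-on-failure behaviour in the feature list shape what such a scan looks like in access logs. The following is an added example, not code from DirBuster or the original post: it flags clients that request many distinct paths where nearly all answers are 404s or identical-size 200 pages. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Common/combined access-log format (assumed): ip, request line, status, body size.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')

def find_enumerators(lines, min_paths=20, miss_ratio=0.8, soft_min=10):
    """Return {client_ip: stats} for clients whose traffic looks like path guessing.

    `lines` is assumed to cover one short time window; thresholds are illustrative.
    """
    seen = defaultdict(dict)                      # ip -> {path: (status, size)}
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, path, status, size = m.groups()
            seen[ip][path.split("?", 1)[0]] = (int(status), 0 if size == "-" else int(size))
    flagged = {}
    for ip, paths in seen.items():
        if len(paths) < min_paths:
            continue
        hard = sum(1 for status, _ in paths.values() if status == 404)
        # Soft 404: many different URLs answered 200 with the same body size,
        # so a status-code-only rule would miss the scan entirely.
        sizes = Counter(size for status, size in paths.values() if status == 200)
        soft = sum(n for n in sizes.values() if n >= soft_min)
        if (hard + soft) / len(paths) >= miss_ratio:
            flagged[ip] = {"paths": len(paths), "hard_404": hard, "soft_404": soft}
    return flagged

def sample_log():
    """Constructed log lines using documentation IP ranges; not real traffic."""
    fmt = '{} - - [01/Jan/2024:10:00:{:02d} +0000] "GET {} HTTP/1.1" {} {}'
    out = []
    for i in range(30):
        hit = i == 7                              # the one guess that really exists
        out.append(fmt.format("203.0.113.9", i, f"/guess{i}/", 200 if hit else 404, 5120 if hit else 209))
        out.append(fmt.format("198.51.100.7", i, f"/guess{i}.php", 200, 5120 if hit else 1432))
    for i in range(25):                           # ordinary browsing, varied page sizes
        out.append(fmt.format("192.0.2.50", i, f"/article/{i}", 200, 1000 + 37 * i))
    return out

if __name__ == "__main__":
    for ip, stats in find_enumerators(sample_log()).items():
        print(ip, stats)
```

The second sample client sits behind a server that answers every miss with the same 200 page, which is why the check groups 200 responses by body size instead of relying on status codes alone.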


Hey -
Thanks for the article, nice! I keep a list of my favorite directory enumeration tools on my blog if you want to check it out. Address: http://www.jocktoday.com/2010/02/12/enumerate-directories-and-files/