Scribd Logo
Upload

Welcome to Scribd!

  • VU21997 - Expose Website Security Vulnerabilities - Class 5 DIRB

    Uploaded by

    cryptailmine
    8 views2 pages
    DIRB is a tool that automates scanning websites to identify hidden or unknown pages and directories by making guesses about potential URLs based on common folder names and structures. It uses predefined wordlists of common folder names tailored to specific web server software and technologies. The document recommends using DIRB to probe example websites like Web For Pentester and Webgoat as a 5-minute exercise to familiarize oneself with how DIRB works and what it can discover.

    Original Description:

    Original Title

    VU21997 - Expose website security vulnerabilities - Class 5 DIRB

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    DIRB is a tool that automates scanning websites to identify hidden or unknown pages and directories by making guesses about potential URLs based on common folder names and structures. It uses predefined wordlists of common folder names tailored to specific web server software and technologies. The document recommends using DIRB to probe example websites like Web For Pentester and Webgoat as a 5-minute exercise to familiarize oneself with how DIRB works and what it can discover.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    8 views2 pages

    VU21997 - Expose Website Security Vulnerabilities - Class 5 DIRB

    Uploaded by

    cryptailmine
    DIRB is a tool that automates scanning websites to identify hidden or unknown pages and directories by making guesses about potential URLs based on common folder names and structures. It uses predefined wordlists of common folder names tailored to specific web server software and technologies. The document recommends using DIRB to probe example websites like Web For Pentester and Webgoat as a 5-minute exercise to familiarize oneself with how DIRB works and what it can discover.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    DIRB – Directory Buster

     Nearly all websites use folders and


    shortcuts to organise data
     Question: If your favourite company
    was named ACME, what might their
    ‘admin’ web URLs look like?
     admin.acme.com?
     www.acme.com/admin?
     hidden.acme.com/admin?
     DIRB automates this scanning
     Spidering for hidden/unknown pages
    and websites
     Is this ‘active’ or ‘passive’ scanning?
     Active: don’t scan without permission
    DIRB wordlists

     What words does DIRB use?


     Wordlists are commonly reused
    within certain systems
     Have an apache server? Use the
    apache wordlist
     cold-fusion server?
     Web server with CGI enabled?

     5 minute exercise
     Start Web For Pentester and
    Webgoat
     Use DIRB to probe both websites
     Have more time? Open the
    apache.txt wordlist and view it

    You might also like