Do you guys have a favorite tool for enumerating directories on web servers? I’m partial to Dirb, although there is also Dirbuster, Gobuster, etc. Is there another tool you prefer for any specific reason?
I usually use dirb for the sake of simplicity, but I feel like it doesn’t provide as many options as its other rivals. Somehow I feel improvising a tool for a certain machine would be the best thing to do. Looking forward to seeing other people’s choices.
dirb or dirbuster.
I usually use dirbuster, sometimes I do it manually on Burp
dirsearch and gobuster
Mostly dirsearch, gobuster and wfuzz. Because I don’t like GUI.
go with gobuster
gobuster. dirbuster if recursive search is required.
dirsearch
gobuster for sure
Speaking about that, my gobuster command doesn’t enter directories, is there a param or something to do?
Try with epi’s wrapper: https://forum.hackthebox.eu/discussion/1439/tool-recursive-wrapper-for-gobuster#latest
thanks
This article is written in French, but I think the charts and the idea can be understood without much trouble:
https://blog.bssi.fr/evaluation-des-performances-doutils-de-bruteforce-url/
It’s just a speed benchmark and comparison between some of the best known tools for URL discovery. And the results, sincerely, are completely unexpected for me.
All is pretty much the same, try all and then choose which you like.
I usually use ffuf: GitHub - ffuf/ffuf: Fast web fuzzer written in Go
It’s pretty fast, allows fuzzing more than just dirs/files (like wfuzz), allows specifying an extension list, can filter by several different criteria (response code, response size, number of words, etc.), and allows recursive “fuzzing”.