How to find hidden directories in a website

The reconnaissance and scanning phases of a penetration test are arguably the most important of the entire process. Without a clear understanding of the bigger picture and the avenues potentially available to you, you won’t be going very far at all. As part of this process, it’s very likely that you regularly come up against web servers and just as likely that these servers will be hosting web applications. I mean, what’s the point of a web server otherwise, right? With this in mind, it’s critically important to be able to properly enumerate and gather information from these servers as you go about your penetration test. In this article, I’ll be discussing the usage of some of the most common automated tools created for directory enumeration. Ready? Then read on!

 

tools like Gobuster automate the process of scanning for directories so that you don’t have to sit around typing hundreds or thousands of common directory names in a browser. Assuming you’re using Kali Linux (and let’s face it, you probably are), this tool doesn’t come standard and you’ll need to download it with “sudo apt-get install gobuster” in the terminal. Once you have that, you’re ready to roll.

The basic syntax for this tool on Kali is

gobuster -u http://192.168.52.131:80 -w /usr/share/wordlists/yourwordlist.txt

This will set Gobuster off on a directory scan for directories matching whatever is in your chosen wordlist. Keep in mind that you can also use HTTPS and/or change the port number appropriately based on your needs.

I wonder what treasures Gobuster will reveal.

Another very useful feature of Gobuster is that it can also scan for given filename extensions on the web server and not just directories. This can be done by appending “-x .php”, or whatever extension you like after the -x, and is a good idea if you want to be more thorough in your scan.

 

For a more detailed explanation, check our video on YouTube –

Share the Post...
WhatsApp

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Recent Posts

Follow Us on Youtube

CSEP : Certified Security Engineer Professional

Certified Security Engineer Professional (CSEP) certification is a comprehensive program designed for individuals aspiring to become cybersecurity engineers. It equips candidates with hands-on knowledge across various in-demand cybersecurity domains, ensuring they are well-prepared for current and future industry needs.

Organizations today seek candidates with a diverse set of skills beyond just one tool or area of expertise. The CSEP certification addresses this need by providing essential hands-on experience, making you proficient in multiple cybersecurity domains.

The program includes live classes featuring practical exercises, followed by a real-time project that offers valuable industrial knowledge.

Domains covered in the CSEP certification:

  • Cybersecurity Essentials
  • Penetration Testing
  • Application Security
  • Security Operations
  • AI in Cybersecurity
  • Multi-Cloud Security
  • Threat Intelligence

 

This certification is ideal for those looking to secure a role as a cybersecurity engineer and want to gain a competitive edge in the cybersecurity field.

For Further kindly feel free to fill out the profile form  for relevant information on our counselor will get in touch with you

Sign up for our Newsletter

Interested in Cyber Security Training Program 2024 – Click Here
Open chat
1
Hello 👋
How can we help you?