Posts tagged tools
During Web Application Pentest finding the Sensitive directories files and folders is always a quite tough work.
what is DirBuster
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.
now i will be showing how to use Dirbuster to find sensitive directories and files in a web application , for the demo i will be using Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10.
- cd /pentest/web/dirbuster
- root@punter:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -u http://192.168.0.103/mutillidae/
now browse and select the directory bruteforce lists ex: directory-list-1.0.txt.
now run the start button u will see Dirbuster will start bruteforcing the dir and files.
see the results it has found /mutillidae/passwords/accounts.txt
All the past and updated Presentations from Jeremiah Grossman.
Rest of the Presentations,Documents and Videos can be found here
Stumbled upon a website which tells about various python tools required for every Vulnerability research, reverse engineering and penetration testing.
The most important advantages are:
* WATOBO can perform vulnerability checks out of the box.
* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to define your own checks
* WATOBO is free software ( licensed under the GNU General Public License Version 2)
check the Project details here