Brute force directories and files names
- Recon
GUI Tools
Command line tools
gobuster
gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html
https://github.com/OJ/gobuster
dirb
dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt
https://gitlab.com/kalilinux/packages/dirb
metasploit
auxiliary/scanner/http/brute_dirs