Brute force directories and files names

  • Recon


GUI Tools

 

Command line tools

gobuster

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

https://github.com/OJ/gobuster

 

dirb

dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt

https://gitlab.com/kalilinux/packages/dirb

 

metasploit

auxiliary/scanner/http/brute_dirs