DirBuster – Brute force a web server for interesting things

You would be surprised at what people leave unprotected on a web server.

What is Dirbuster

DirBuster is a project by OWASP that will brute force web directories and filenames on a web server / virtual host. This can often reveal unprotected web applications, scripts, old configuration files and many other interesting things that should not be available to the public.

It runs against a dictionary file of known filenames / directories and you are able to specify the dictionary you are hoping to use.

Wordlist location

In kali, wordlists are located /usr/share/wordlists/dirbuster

apache-user-enum-1.0.txt  apache-user-enum-2.0.txt 
NOTE: Dirbuster retired by OWASP. Although, still available to use on Kali, it is no longer updated. The OWASP ZAP : Forced Browse option is based on the code from the OWASP Dirbuster Project. Read the OWASP documentation here