Thursday, September 15, 2016

OWASP Directory Buster

A good hacker will not directly attack a website without proper information gathering. It is good practice to understand the structure of a website by busting its directories and files.

This may give you an opportunity to find hidden and confidential directories and files that are meant to be inaccessible to the public. This may lead you to important information such as passwords, encryption keys, certificate files, etc.

Before getting into it, I'll show you some additional details:
  • Code 100 -> Continue: Codes in this range denote that the user / client request has not been completed for some reason, but the client can continue.
  • Code 200 -> Successful: Codes in this range denote that the request was successful.
  • Code 300 -> Multiple Choice: Codes in this range denote a bad request. The most common codes are 404 [not found] and 403 [forbidden].

Busting Time 

Go to Applications -> Kali Linux -> Web Application -> Web Crawlers -> dirbuster

Now open DirBuster and enter the target website. Don't forget to specify the scheme (http | https) and the port number (80 | 443), e.g. http://www.examplewebsite.com:80


Wordlist:

Next, all you have to do is choose the wordlist that contains the directory and file names. Here I've chosen /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt

Finally, when we click "Start", DirBuster will generate GET requests and send them to the target website, with a request for each of the files and directories listed in our wordlist.
Once it has finished, all the directories and files it found will be listed for you.
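
Seen from the server side, a run like the one above appears in the access log as a burst of GET requests from one client, most of them answered with 404 or 403. The following is an added example, not part of the original post: a small Python detector run over constructed log lines. The common log format, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.20 - - [15/Sep/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [15/Sep/2016:10:00:01 +0000] "GET /admin/ HTTP/1.1" 403 199
203.0.113.7 - - [15/Sep/2016:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 162
203.0.113.7 - - [15/Sep/2016:10:00:02 +0000] "GET /test/ HTTP/1.1" 404 162
203.0.113.7 - - [15/Sep/2016:10:00:03 +0000] "GET /uploads/ HTTP/1.1" 200 731
203.0.113.7 - - [15/Sep/2016:10:00:03 +0000] "GET /config/ HTTP/1.1" 404 162
203.0.113.7 - - [15/Sep/2016:10:00:04 +0000] "GET /private/ HTTP/1.1" 404 162
198.51.100.20 - - [15/Sep/2016:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 162
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, timestamp, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def find_enumeration(log_text, window=timedelta(seconds=60), min_misses=5):
    """Flag clients that GET >= min_misses distinct 403/404 paths in one window (assumed thresholds)."""
    by_ip = defaultdict(list)
    for ip, ts, method, path, status in parse(log_text):
        if method == "GET":
            by_ip[ip].append((ts, path, status))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        misses = [(ts, path) for ts, path, status in events if status in (403, 404)]
        start = 0
        for end in range(len(misses)):
            while misses[end][0] - misses[start][0] > window:
                start += 1  # slide the window forward until it spans <= `window`
            if len({p for _, p in misses[start:end + 1]}) >= min_misses:
                # Paths answered with 200 or 403 are what the scan learned; review their exposure.
                report[ip] = {"found": sorted({p for _, p, s in events if s == 200}),
                              "forbidden": sorted({p for _, p, s in events if s == 403})}
                break
    return report

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The "found" and "forbidden" lists show which paths the flagged client confirmed, which is where to start when checking whether anything sensitive is reachable from the public side.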
