# Dirbuster

DirBuster is a popular open-source tool used for directory and files enumeration in web applications. It is designed to help ethical hackers and security researchers identify hidden directories and files on a web server that may contain sensitive information, vulnerabilities, or other potential security risks.&#x20;

DirBuster is commonly used in the initial reconnaissance phase of a web application security assessment to gather information about the directory structure and files present on a web server.

DirBuster uses a brute-force approach to enumerate directories and files by automatically generating and sending requests to the target web server with different directories and file names. The tool comes with a predefined list of common directories and file names that are typically used in web applications, but users can also customize the list to suit their specific needs.&#x20;

DirBuster can also be configured to handle different types of web server responses, such as redirecting URLs, error pages, or custom error messages, allowing for more comprehensive enumeration.

### Some of the features of DirBuster include

1. Multi-threaded scanning: DirBuster can perform multiple requests simultaneously, making the scanning process faster and more efficient.
2. Proxy support: DirBuster can be configured to use a proxy server for requests, allowing users to route traffic through a proxy for anonymity or to bypass certain network restrictions.
3. Customizable wordlists: DirBuster comes with a default wordlist, but users can create and use their own wordlists to suit their specific needs, including for different languages or industries.
4. Different scanning modes: DirBuster offers different scanning modes, such as "Directory/File Bruteforce," "File Extension Bruteforce," and "Recursive Spider," allowing users to customize the scanning approach based on their requirements.
5. Output options: DirBuster provides options to save the scan results in various formats, such as HTML, XML, and CSV, for further analysis and reporting.

### Basic Directory Bruteforce

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt
```

This command initiates a basic directory brute force scan on the target website, using the specified wordlist to generate directory and file names to test.

### File Extension Bruteforce

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt -f
```

This command performs a file extension brute force scan on the target website, fuzzing different file extensions in addition to directory names.

### Recursive Spidering

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt -r
```

This command initiates a recursive spidering scan on the target website, which explores directories and files in a depth-first manner, following links and discovering hidden files or directories.

### Customizing Threads

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt -t 20
```

This command specifies the number of threads to be used in the scan, in this case, 20 threads, to increase the scanning speed.

### Proxy Usage

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt -p http://proxyserver:8080
```

This command configures DirBuster to use a proxy server for requests, allowing traffic to be routed through the specified proxy server for anonymity or to bypass network restrictions.

### Saving Scan Results

```bash
dirbuster -u http://targetwebsite.com -w /path/to/wordlist.txt -o /path/to/output/directory
```