Directory enumeration

One-liners for discovering directories

Via tools

Gobuster

gobuster dir --url http://MACHINE_IP/ -w /pathtowordlist/common.txt

Dirb/Dirbuster

dirb http://target_ip/ /pathtowordlist/common.txt

Fuff

ffuf -w /pathtowordlist/common.txt -u http://target_ip/FUZZ

Via OSINT

Google Dorking

The Google search engine lets us use "dorks", which are additional characters or formatting that allow us to narrow down our search. A good example would be the "site:" dork, which will only show us results relevant to the specific domain name we gave it. In our manual directory enumeration context, an example query could being akin to site:"laposte.fr" admin.

Via miscellaneous means

Robots.txt and sitemap.xml files

This one seems quite obvious but sometimes a simple look to the robots.txt/sitemap.xml files of a website might give us pointers in the right direction. Those are used by sysadmins to indicate pages they would rather (not) see indexed by search engines.

Wayback machine

Since this site has been running for quite a while now, it may have archived some specific pages that might be of interest to us, and is thus worth checking out.

PreviousSubdomain enumeration Next88 Kerberoasting

Last updated 2 years ago

Was this helpful?