This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP/Training/OWASP DirBuster Project

Jump to: navigation, search
OWASP DirBuster Project
Overview & Goal
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

The goal of this project is to produce a tool which will assist in black box application testing, by trying to find hidden content. The project ensures that the tool produced provides information in such a way that any false positives produce can be quickly identified.

Contents Materials

  • What DirBuster can do for you?

Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

  • What DirBuster will not do for you?

Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.

  • How does DirBuster help in the building secure applications?

By finding content on the web server or within the application that is not required. By helping developers understand that by simply not linking to a page does not mean it can not be accessed.

  • Latest version of DirBuster can be downloaded from here
  • and feature list can be viewed from here