This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP/Training/OWASP DirBuster Project"

From OWASP
Jump to: navigation, search
Line 13: Line 13:
 
* '''What DirBuster will not do for you?'''  
 
* '''What DirBuster will not do for you?'''  
 
Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.  
 
Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.  
* '''How does DirBuster help in the building of secure applications?'''  
+
* '''How does DirBuster help in the building secure applications?'''  
 
By finding content on the web server or within the application that is not required.  
 
By finding content on the web server or within the application that is not required.  
 
By helping developers understand that by simply not linking to a page does not mean it can not be accessed.  
 
By helping developers understand that by simply not linking to a page does not mean it can not be accessed.  
 
<br><br>
 
<br><br>
Latest version of DirBuster can be downloaded from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download here]  
+
Latest version of DirBuster can be downloaded from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download here] <br>
 +
and feature list can be viewed from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Features here]
 
| Material = [http:// TBD]
 
| Material = [http:// TBD]
 
}}
 
}}

Revision as of 00:43, 2 May 2010

MODULE
OWASP DirBuster Project
Overview & Goal
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.


The goal of this project is to produce a tool which will assist in black box application testing, by trying to find hidden content. The project ensures that the tool produced provides information in such a way that any false positives produce can be quickly identified.

Contents Materials

  • What DirBuster can do for you?

Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

  • What DirBuster will not do for you?

Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.

  • How does DirBuster help in the building secure applications?

By finding content on the web server or within the application that is not required. By helping developers understand that by simply not linking to a page does not mean it can not be accessed.

Latest version of DirBuster can be downloaded from here
and feature list can be viewed from here

[http:// TBD]
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP/Training/OWASP_DirBuster_Project&oldid=82863"