This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP/Training/OWASP DirBuster Project"
Sandra Paiva (talk | contribs) |
|||
Line 22: | Line 22: | ||
*and feature list can be viewed from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Features here] | *and feature list can be viewed from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Features here] | ||
}} | }} | ||
+ | |||
+ | |||
+ | [[Category:OWASP_Training|Training]] |
Latest revision as of 16:25, 23 November 2010
MODULE | |
OWASP DirBuster Project | |
Overview & Goal | |
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.
| |
Contents | Materials |
Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).
Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.
By finding content on the web server or within the application that is not required.
By helping developers understand that by simply not linking to a page does not mean it can not be accessed.
|
|