Wordlist Types¶
- General-Purpose: Contains a broad range of common subdomain names (e.g., dev, staging, blog, mail, admin, test). Useful when the target's naming conventions are unknown.
- Targeted: Focused on specific industries, technologies, or naming patterns relevant to the target. More efficient and reduces false positives.
- Custom: Created based on specific keywords, patterns, or intelligence gathered from other sources.
Using Gobuster¶
- Basic usage with a predefined wordlist:
gobuster dir -u [TARGET-URL] -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x txt,php,html -t 30 - Using a big wordlist:
gobuster dir -u [TARGET-URL] -w /usr/share/wordlists/dirb/big.txt
Using Feroxbuster¶
-
Default usage with a common wordlist:
feroxbuster -u [TARGET-URL] -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -x php,txt,html -
Using a big wordlist:
feroxbuster -u [TARGET-URL] -w /usr/share/wordlists/dirb/big.txt -x php,txt,html -
Lowercase wordlist for Windows:
feroxbuster -u [TARGET-URL] --no-recursion -k -w /opt/SecLists/Discovery/Web-Content/raft-medium-directories-lowercase.txt -
For ASP.NET/IIS servers:
feroxbuster -u [TARGET-URL] -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt -x aspx
Using Dirsearch¶
-
Basic usage:
dirsearch -u [TARGET-URL] -w /usr/share/dirb/wordlists/common.txt -
With multiple extensions:
dirsearch -u [TARGET-URL] -e sh,txt,htm,php,cgi,html,pl,bak,old -
Custom wordlist:
dirsearch -u [TARGET-URL] -e sh,txt,htm,php,cgi,html,pl,bak,old -w path/to/wordlist
Using FFUF¶
- Using a common wordlist:
ffuf -u [TARGET-URL]/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
Using Dirb¶
-
Basic usage:
dirb [TARGET-URL] /path/to/wordlist -
With multiple extensions:
dirb [TARGET-URL] /usr/share/wordlists/dirb/big.txt -X .sh,.txt,.htm,.php,.cgi,.html,.pl,.bak,.old