DirBuster : A New Web Application Brute Force Tool

I read today about a new tool for web brute forcing: DirBuster. It is a multi-threaded Java application designed to brute force directory and file names on web/application servers.

DirBuster provides the following features:

  • Multi-threaded; has been recorded at over 2800 requests/sec
  • Works over both http and https
  • Scans for both directories and files
  • Will recursively scan deeper into directories it finds
  • Able to perform a list based or pure brute force scan
  • DirBuster can be started on any directory
  • Custom HTTP headers can be added
  • Proxy support
  • Auto switching between HEAD and GET requests
  • Content analysis mode when failed attempts come back as 200
  • Custom file extensions can be used
  • Performance can be adjusted while the program is running


What I found to be interesting is the usage of real directory names harvested by spiders from the Internet. I guess it can be used very well alongside nikto.

As cute as the developers’ website name is, DirBuster can put your application between the hammer and the anvil :)
http://www.sittinglittleduck.com/DirBuster/
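
On the defending side, a scan with the features listed above (many distinct paths, most of them missing, largely HEAD requests) stands out in web server access logs. The following is an added example, not part of the original post or of DirBuster: the function name `find_scanners`, the thresholds and the sample log lines are assumptions made for illustration, and it assumes the server answers 404 for missing paths.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "HEAD /admin/ HTTP/1.1" 404 0
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "HEAD /backup/ HTTP/1.1" 404 0
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "HEAD /test/ HTTP/1.1" 404 0
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "HEAD /images/ HTTP/1.1" 200 0
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "HEAD /images/old/ HTTP/1.1" 404 0
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "HEAD /images/tmp/ HTTP/1.1" 404 0
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /config.php HTTP/1.1" 404 209
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "HEAD /cgi-bin/ HTTP/1.1" 404 0
198.51.100.20 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [01/Jan/2024:10:00:03 +0000] "GET /css/site.css HTTP/1.1" 200 900
198.51.100.20 - - [01/Jan/2024:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.20 - - [01/Jan/2024:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 3100
198.51.100.20 - - [01/Jan/2024:10:00:15 +0000] "GET /contact.html HTTP/1.1" 200 2800
"""

# client IP, method, path and status from one common-log-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_scanners(log_text, min_paths=5, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 404s."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "miss": 0, "head": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, method, path, status = m.groups()
        s = stats[ip]
        s["paths"].add(path.split("?", 1)[0])  # count paths without query strings
        s["total"] += 1
        s["miss"] += status == "404"
        s["head"] += method == "HEAD"
    flagged = {}
    for ip, s in stats.items():
        ratio = s["miss"] / s["total"]
        # Thresholds are illustrative assumptions; tune them per site.
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "miss_ratio": ratio,
                           "head_requests": s["head"]}
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

On a server that returns 200 for missing pages (the case the content analysis mode in the feature list exists for), the 404 ratio carries no signal, so the count of distinct paths per client over a time window is the measure to rely on.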


