DirBuster : A New Web Application Brute Force Tool

DirBuster brute force toolI read today about a new tool for web brute forcing : DirBuster. It is a multi threaded java application designed to brute force directories and files names on web/application servers.

DirBuster provides the following features:

  • Multi threaded has been recorded at over 2800 requests/sec
  • Works over both http and https
  • Scan for both directory and files
  • Will recursively scan deeper into directories it finds
  • Able to perform a list based or pure brute force scan
  • DirBuster can be started on any directory
  • Custom HTTP headers can be added
  • Proxy support
  • Auto switching between HEAD and GET requests
  • Content analysis mode when failed attempts come back as 200
  • Custom file extensions can be used
  • Performance can be adjusted while the program in running


What I found to be interesting is the usage of real directoy names harvested by spiders from Internet. I guess it can be used very well alongside nikto.

As cute as the developers’ website name is, DirBuster can put your application between the hammer and the envil 🙂
http://www.sittinglittleduck.com/DirBuster/



Thank you for reading this post. You can now Read Comment (1) or Leave A Trackback. Print This Post Print This Post

One Response to “DirBuster : A New Web Application Brute Force Tool


Subscribe without commenting


Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge