DirBuster : A New Web Application Brute Force Tool
I read today about a new tool for web brute forcing: DirBuster. It is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
DirBuster provides the following features:
- Multi-threaded; has been recorded at over 2800 requests/sec
- Works over both http and https
- Scans for both directories and files
- Will recursively scan deeper into directories it finds
- Able to perform a list based or pure brute force scan
- DirBuster can be started on any directory
- Custom HTTP headers can be added
- Proxy support
- Auto switching between HEAD and GET requests
- Content analysis mode when failed attempts come back as 200
- Custom file extensions can be used
- Performance can be adjusted while the program is running
What I found to be interesting is the usage of real directory names harvested by spiders from the Internet. I guess it can be used very well alongside nikto.
As cute as the developers' website name is, DirBuster can put your application between the hammer and the anvil.
http://www.sittinglittleduck.com/DirBuster/
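From the defending side, a list-based scan like the one described above shows up in access logs as a single client collecting many 404s on distinct paths within a few seconds, often with HEAD and GET mixed. The sketch below is an added example, not part of DirBuster or of the original post; the log lines are constructed and the window and thresholds are assumptions to tune per site. It will not catch scans against servers that answer missing paths with 200.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in common log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2007:10:00:01 +0000] "HEAD /admin/ HTTP/1.1" 404 0
203.0.113.7 - - [14/Jun/2007:10:00:01 +0000] "HEAD /backup/ HTTP/1.1" 404 0
203.0.113.7 - - [14/Jun/2007:10:00:02 +0000] "GET /images/ HTTP/1.1" 200 512
203.0.113.7 - - [14/Jun/2007:10:00:02 +0000] "HEAD /test/ HTTP/1.1" 404 0
203.0.113.7 - - [14/Jun/2007:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 210
203.0.113.7 - - [14/Jun/2007:10:00:03 +0000] "HEAD /cgi-bin/ HTTP/1.1" 404 0
203.0.113.7 - - [14/Jun/2007:10:00:03 +0000] "HEAD /private/ HTTP/1.1" 404 0
198.51.100.20 - - [14/Jun/2007:10:00:01 +0000] "GET / HTTP/1.1" 200 4096
198.51.100.20 - - [14/Jun/2007:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 210
198.51.100.20 - - [14/Jun/2007:10:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048
198.51.100.20 - - [14/Jun/2007:10:00:09 +0000] "GET /contact.html HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def find_enumeration(lines, window=timedelta(seconds=10), min_misses=5, min_ratio=0.8):
    """Map client IP -> most distinct 404 paths seen in one sliding window,
    for clients whose window is dominated by 404 responses."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        by_ip[ev[0]].append(ev[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop requests that fell out of the window
            win = events[start:end + 1]
            missed = [path for _, _, path, status in win if status == 404]
            if len(set(missed)) >= min_misses and len(missed) / len(win) >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(set(missed)))
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG.splitlines()))
```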
This entry was posted on Thursday, June 14th, 2007 and is filed under Web Applications, Brute Force, Tools.