# 2.3.1 File & Directory Brute-Force

## File and Directory Enumeration <a href="#directory-enumeration-gobuster" id="directory-enumeration-gobuster"></a>

### &#x20;[Gobuster](https://github.com/OJ/gobuster)​ <a href="#directory-enumeration-gobuster" id="directory-enumeration-gobuster"></a>

​[**`Gobuster`**](https://www.kali.org/tools/gobuster/) - *a tool used to brute-force URIs including directories and files as well as DNS subdomains.*

{% content-ref url="<https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/gobuster>" %}
[Gobuster](https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/gobuster)
{% endcontent-ref %}

### [BurpSuite](https://portswigger.net/burp/documentation/desktop)​ <a href="#directory-enumeration-burpsuite" id="directory-enumeration-burpsuite"></a>

​[**`BurpSuite`**](https://www.kali.org/tools/burpsuite/) - *an integrated platform for performing security testing of web applications.*

{% content-ref url="<https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/burp-suite>" %}
[Burp Suite](https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/burp-suite)
{% endcontent-ref %}

### [Dirb](https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/dirb) <a href="#scanning-webapp-zaproxy" id="scanning-webapp-zaproxy"></a>

[`Dirb`](https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/dirb) - a tool to brute force URIs, more similar to Gobuster

{% content-ref url="<https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/dirb>" %}
[Dirb](https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/tools/dirb)
{% endcontent-ref %}

### Other Tools

In addition, we can use **Nmap** nse-scripts, **WeFuzz** and custom script with the help of a strong dictionary.