2.3.1 File & Directory Brute-Force

File and Directory Enumeration

Gobuster​

​Gobuster - a tool used to brute-force URIs including directories and files as well as DNS subdomains.

Gobusterhttps://www.kali.org/tools/gobuster/

BurpSuite​

​BurpSuite - an integrated platform for performing security testing of web applications.

Burp Suitehttps://portswigger.net/burp https://www.kali.org/tools/burpsuite/ https://tryhackme.com/room/burpsuitebasics

Dirb

Dirb - a tool to brute force URIs, more similar to Gobuster

Dirbhttps://www.kali.org/tools/dirbuster/

Other Tools

In addition, we can use Nmap nse-scripts, WeFuzz and custom script with the help of a strong dictionary.