Directory Browsing

Overview Directory Browsing is allowed when the web server is misconfigured to show the user the contents of directories on the server. Video Tutorials Discovery Methodology Use search engines to look for pages which include "index of" in the title. Additionally attempt to read the robots.txt file and spider the application with a tool such as Burp-Suite, OWASP ZAP, or Nikto, and directories named by search engines. Exploitation Catalog and inspect the folders named in robots.txt and any directories discovered during spidering. Use a tool such as Burp-Intruder to brute-force sub-directory names in the root directory and other discovered directories. Videos Spidering Web Applications with Burp-Suite How to use WGET to clone a Web Site How to Install dirb on Linux How to Use dirb to Locate Hidden Directories on a Web Site How to Install OWASP DirBuster on Linux How to use OWASP DirBuster to Discover Hidden Directories on Web Sites How to Install OWASP Zap on Linux