Directory Fuzzing, Nikto & Burp Intruder
Discover hidden web directories and automate vulnerability scanning
Directory & File Discovery Fundamentals
Why Hidden Paths Matter
🎯 Attack Surface Expansion
Admin panels: /admin, /administrator, /admin.php
Backup files: /backup.sql, /config.bak, /old/
Development directories: /dev, /test, /staging/
Configuration files: /config, /.env, /.git/
🔍 Common Hidden Resources
Documentation: /docs, /api, /swagger/
Upload directories: /uploads, /files, /temp/
Database utilities: /phpmyadmin, /adminer/
Version control: /.git, /.svn, /.hg/
⚠️ Security Implications
Information Disclosure: Exposed config files reveal credentials
Privilege Escalation: Admin panels without authentication
Remote Code Execution: Upload directories with execute permissions
Source Code Access: Backup files reveal application logic
Discovery Methodology
🔄 Discovery Process
1. Reconnaissance: Gather target information and identify subdomains
2. Wordlist Selection: Choose appropriate wordlists for the target
3. Tool Configuration: Set up tools (Gobuster, Dirb, etc.)
4. Execution: Run directory fuzzing attacks
5. Analysis: Review results and identify interesting findings
6. Validation: Manually verify and test discovered paths
📋 Wordlist Categories
Common Directories: /admin, /login, /backup, /test
File Extensions: .php, .html, .txt, .sql, .bak
Technology-Specific: WordPress, Joomla, Drupal paths
Custom Wordlists: Based on target technology stack
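The discovery process and the hidden-path lists above, seen from the defending side, as an added example that is not part of the original course material: a small Python parser over constructed combined-format access-log lines that flags clients whose request pattern looks like directory fuzzing (a high share of 404 responses) and records which of the listed sensitive paths actually answered with a non-error status. The thresholds and the prefix list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined-log style); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /administrator HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /backup.sql HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/HEAD HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /phpmyadmin HTTP/1.1" 404 153
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 4021
198.51.100.2 - - [10/Oct/2023:13:56:02 +0000] "GET /docs HTTP/1.1" 200 2210
198.51.100.2 - - [10/Oct/2023:13:56:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153
"""

# client-ip ident user [timestamp] "METHOD path protocol" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Prefixes taken from the page's hidden-resource lists (assumed set; adjust per site).
SENSITIVE_PREFIXES = ("/admin", "/backup", "/config", "/.env", "/.git", "/.svn",
                      "/.hg", "/phpmyadmin", "/adminer", "/dev", "/test", "/staging", "/old")

def parse_line(line):
    """Return (ip, method, path-without-query, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return ip, method, path.split("?", 1)[0], int(status)

def find_fuzzing_clients(log_text, min_requests=5, min_404_ratio=0.6):
    """Flag clients with a high 404 share and list sensitive paths that answered (status < 400)."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "exposed": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue  # skip malformed lines rather than abort
        ip, _method, path, status = parsed
        s = stats[ip]
        s["total"] += 1
        s["not_found"] += status == 404
        if status < 400 and path.startswith(SENSITIVE_PREFIXES):
            s["exposed"].append(path)  # a guessed path that exists: triage first
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if s["total"] >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                           "exposed": s["exposed"]}
    return flagged
```

The "exposed" list is the defender's validation step from the methodology: any listed path that answered to a brute-forcing client is what to check and lock down first.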