Dirbuster — The Directory Buster

November 26, 2023

Dirbuster is a multi-threaded web application scanner written in Java. It comes pre-installed in Kali Linux. It is designed to find the directories and file names of a web application by brute force.

Dirbuster is very similar to

In the above screenshot we can see the help options of the dirbuster tool. We can ignore these help options because all of them are available in the GUI mode. Let's start the GUI of Dirbuster and scan a website.

To do so we need to run the following command on our terminal:

dirbuster

Then the Dirbuster GUI will open, as we can see in the following screenshot:

Here we can see lots of options. In the first field we put the target website to scan. With the radio buttons below it we choose the work method (HEAD and GET, or only GET requests). Then we choose the number of threads. After that we get an option to specify our brute-forcing method: directory based or pure brute force. Directory based brute force needs a wordlist. Pure brute force does not need any wordlist, but it is heavily time consuming.

Enough talking, let's start the scan (please check the other options; this tool is quite easy to understand).

We added our target and wordlist before starting the scan. In our case it looks like the following screenshot:

In the above screenshot we can see that we have set our target website (i.e. 127.14.0.1, which is our localhost). We set our wordlist, which is located at /usr/share/secclists/Discovery/Web-Content/directory-list-2.3.txt

Now we click on start and our scanning process will start as shown in the following screenshot:

During the scan or after the scan we can see the results. Results are shown in two different ways (List & Files View and Tree View). We can change the views from the upper tabs, shown in the following screenshots:

Dirbuster Results (List & Files View)

 

Dirbuster Results (Tree View)

In the above screenshots we can see that we found various directories inside the web application. This is a crucial information gathering step in web penetration testing.

This is how we can use Dirbuster on our Kali Linux system. Dirbuster is a really fast brute-force scanner which is very handy for cybersecurity experts during information gathering.
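The scan described above (many threads, HEAD requests, one wordlist entry per request) leaves a recognisable pattern in the target's access log. The following is an added example, not part of the original article or of Dirbuster: it flags clients that request many distinct paths in a short window with mostly 404 responses. The log format (common log format), thresholds, function names and sample lines are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Parse one common-log-format line; return None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?")[0], int(m["status"])

def find_enumeration(lines, window=timedelta(seconds=60), min_paths=20, min_404=0.8):
    """Return {ip: (distinct_paths, ratio_404)} for wordlist-style path guessing."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[1])
        start = 0
        for end in range(len(recs)):
            # Slide the window so it never spans more than `window` of time.
            while recs[end][1] - recs[start][1] > window:
                start += 1
            win = recs[start:end + 1]
            paths = {r[2] for r in win}
            ratio = sum(r[3] == 404 for r in win) / len(win)
            if len(paths) >= min_paths and ratio >= min_404:
                # Keep the window with the most distinct paths for this client.
                flagged[ip] = max(flagged.get(ip, (0, 0.0)), (len(paths), round(ratio, 2)))
    return flagged

def constructed_sample():
    """Constructed log lines (not from the article); IPs are documentation addresses."""
    lines = []
    for i in range(40):  # scanner-like client: 40 guessed directories, 2 exist
        status = 200 if i % 20 == 0 else 404
        lines.append(f'192.0.2.10 - - [26/Nov/2023:10:00:{i:02d} +0000] '
                     f'"HEAD /word{i}/ HTTP/1.1" {status} 0')
    for i, p in enumerate(["/", "/index.html", "/css/site.css", "/missing.png"]):
        status = 404 if p == "/missing.png" else 200  # ordinary browser session
        lines.append(f'192.0.2.20 - - [26/Nov/2023:10:00:{i:02d} +0000] '
                     f'"GET {p} HTTP/1.1" {status} 512')
    return lines

if __name__ == "__main__":
    print(find_enumeration(constructed_sample()))
```

The thresholds need tuning per site: a broken deployment that serves many dead links can also produce bursts of 404s from ordinary visitors.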


Article posted by: https://www.kalilinux.in/2022/02/dirbuster.html

This article is generated from a feed coming from KaliLinux.in, and Infocerts is only displaying the content.
