Directory Browsing


Overview

Directory Browsing is allowed when the web server is misconfigured to show the user the contents of directories on the server.

Discovery Methodology

Use search engines to look for pages that include "index of" in the title. Additionally, attempt to read the robots.txt file, spider the application with a tool such as Burp-Suite, OWASP ZAP, or Nikto, and check any directories named by search engines.
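A site owner can run the same "index of" check against responses from their own server to confirm whether auto-indexing is switched on and what it exposes. The following is an added example, not part of the original page: the function name, the suffix list and the sample HTML are constructed, and the title patterns assume the default listing templates of Apache, nginx and Python's http.server.

```python
import re
from html.parser import HTMLParser

# Title patterns of default auto-generated listings (assumption: templates not customised).
LISTING_TITLES = [
    ("apache/nginx", re.compile(r"<title>\s*Index of /", re.I)),
    ("python http.server", re.compile(r"<title>\s*Directory listing for /", re.I)),
]
# File-name suffixes that should never be reachable through a listing (illustrative set).
SENSITIVE = (".bak", ".sql", ".old", ".zip", ".env", ".git/")


class _Links(HTMLParser):
    """Collect href targets of <a> tags in a listing page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def audit_listing(body):
    """Return None if body is not a listing, else (family, entries, sensitive)."""
    family = next((name for name, rx in LISTING_TITLES if rx.search(body)), None)
    if family is None:
        return None
    parser = _Links()
    parser.feed(body)
    # Drop parent links and Apache's column-sort links ("?C=N;O=D").
    entries = [h for h in parser.hrefs if not h.startswith(("?", "../", "/"))]
    sensitive = [e for e in entries if e.lower().endswith(SENSITIVE)]
    return family, entries, sensitive


# Constructed sample bodies, not captured from a real server.
LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><a href="?C=N;O=D">Name</a>
<a href="/">Parent Directory</a>
<a href="db.sql">db.sql</a> <a href="site.zip">site.zip</a>
<a href="readme.txt">readme.txt</a></body></html>"""
NORMAL = "<html><head><title>Index of products - Shop</title></head></html>"

if __name__ == "__main__":
    print(audit_listing(LISTING))
    print(audit_listing(NORMAL))
```

The second sample shows why the title match is anchored on "Index of /": an ordinary page whose title merely contains "index of" is not reported as a listing.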

Exploitation

Catalog and inspect the folders named in robots.txt and any directories discovered during spidering. Use a tool such as Burp-Intruder to brute-force sub-directory names in the root directory and other discovered directories.

Videos


Click here to watch Spidering Web Applications with Burp-Suite
Click here to watch How to use WGET to clone a Web Site
Click here to watch How to Install dirb on Linux
Click here to watch How to Use dirb to Locate Hidden Directories on a Web Site
Click here to watch How to Install OWASP DirBuster on Linux
Click here to watch How to use OWASP DirBuster to Discover Hidden Directories on Web Sites
Click here to watch How to Install OWASP Zap on Linux