Directory Scan
Training Overview
The "Directory Scan" training provides a comprehensive overview of directory scanning techniques and tools to uncover security vulnerabilities in websites. Starting from the basics, the training covers how to use fuzzing techniques and wordlists (wordlist). This is an important method for finding potential weak points and hidden directories on the target system. It also provides information about manual discovery methods, explaining how files like robots.txt and sitemap.xml can be examined and how they might expose potential vulnerabilities.
The training then focuses on the use of popular and effective directory scanning tools such as Gobuster, Feroxbuster, Dirb, and FFUF. It explores the directory and file scanning modes and features of each tool in detail, guiding users on how to use these tools effectively. Advanced topics such as file extension scanning and directory fuzzing techniques are covered, providing security professionals with strategies to discover hidden files and directories in web applications.
What You Will Learn
- How to perform manual discovery using files like robots.txt and sitemap.xml.
- How to use automated tools to fuzz for hidden directories and files.
- The difference between directory/file scanning and VHOST scanning.
- How to choose the right tool and wordlist for a given target.
Who is this for?
- Penetration Testers performing reconnaissance.
- Bug Bounty Hunters looking for undisclosed endpoints.
- Web application security analysts.
Prerequisites
- A basic understanding of web server and website structure.
- Familiarity with the command line.
Tools You Will Use
- Gobuster
- Feroxbuster
- Dirb
- ffuf
Training Sections
- Introduction
- Manual Discovery
- Gobuster
- Feroxbuster
- Dirb
- Fuff
- Exam