Thursday, 31 May 2018

How To Scan Web Directories Using Websploit Directory Scanner


In this tutorial, I will be going to teach you how to scan web directories using Websploit, a great open source web application assessment tool. Also, we will see how to use several modules of Websploit. Websploit directory scanner script scans for directories in a web server.
You can Download directory scanner from the following link:

WebSploit Directory Scanner

The above script is a modified script you need to replace previous one with this in the following directory:
/usr/share/websploit/modules/directory_scanner.py

If you don’t have websploit installed use the following command to install it from Github
git clone https://github.com/websploit/websploit.git

Scanning Directories 

Now Run the websploit by typing in the following command:
./websploit

You can see all the available modules using the following command:
Show modules

Here we will use web/dir_scanner module to scan for directories in a web server.
Type in the following command to use web/dir_scanner module:
Use web/dir_scanner



Now type in the following command to show all available options:
Show options


Here you can set the target and verbosity level for scanning. Google.com is set as the default target and verbosity level is set to 1.
Use the following command to set the target:
Set target [url]
And set verbosity level by the following command:
Set verbosity 1
If verbosity level is set to 0 it will show you directories with 302 and 200 code only, while verbosity 1 will show you all directories.
Now use the following command to run the scanner:
Run



You can try it on your own site and scan for the directories. This scanner only scans for the following directories:
Index
Wp-admin
Iimages
If you want to scan for custom directories you can edit the file in the following directory and place your own directories to scan for:
/usr/share/websploit/modules/directory_scanner.py

You can add directories there. Try to use the format /directoryname/ to prevent bad requests.


adcodehere

NEXT ARTICLE Next Post
PREVIOUS ARTICLE Previous Post
NEXT ARTICLE Next Post
PREVIOUS ARTICLE Previous Post
 

Delivered by FeedBurner