TRICKS.txt 1.1 KB
Newer Older
Devon Kearns's avatar
Devon Kearns committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
DIRB TRICKS
===========


1) Apache "Options MultiViews" (Common configuration)

-> Sometimes with Apache servers configured with "Options MultiViews" you 
don't need to include the file extension in the search, the system will tell 
you the right name through a "Content-Location" header.



2) Using extensions

-> Before starting your scan. Navigate through the target URL and get the 
most used file extensions. Include they in a extensions file (one extension by 
line) and use it in your scan.

Example extensions file:

--------------
			--> void extension (look for directorios or servlets)
.asp
.txt
.html
--------------

-> You can also use the mode -X to input extensiones directly from de command 
line:

-X ,,.asp,.txt,.html



3) Selective scanning

-> If you don't want to scan uninteresting directories like /images, /css, 
etc... You can use the mode -R (interactive recursion) and DIRB will ask you
in which subdirectories you want to scan and in which you don't want.



4) Scanning IIS webservers

-> IIS webserver URLs are case insensitives, so you can use the mode -i to cut 
down the number of tries.