Directory Enumeration Tool of Choice

Do you guys have a favorite tool for enumerating directories on web servers? I’m partial to Dirb, although there is also Dirbuster, GoBuser etc. Is there another tool you prefer for any specific reason?

I usually use dirb for the sake of simplicity but I feel like it doesn’t provide as much options as it’s other rivals, somehow I feel improvising a tool for a certain machine would be the best thing to do, looking forward to see other people’s choices

dirb or dirbuster.

I usally use dirbuster , sometimes i do it manualy on Burp

dirsearch and gobuster

Mostly dirsearch ,gobuster and wfuzz. Because I don’t like gui.

go with gobuster :wink:

gobuster. dirbuster if recursive search is required.

dirsearch

gobuster for sure

speaking about that, my gobuster command doesnt enter directories, is there a param or sth to do ?

@peek

Try with epi’s wrapperhttps://forum.hackthebox.eu/discussion/1439/tool-recursive-wrapper-for-gobuster#latest

thanks

This article is written in french, but i think the charts and the idea can be understood without much trouble:
https://blog.bssi.fr/evaluation-des-performances-doutils-de-bruteforce-url/

It’s just a speed benchmark and comparison betweenr some of the best known tools for url discovery. And the results, sincerelly, are completely unexpected for me.

all is pretty same, try all and than choose which you like., :smile:

I usually use ffuf: GitHub - ffuf/ffuf: Fast web fuzzer written in Go
It’s pretty fast, allows fuzzing more than just dirs/files (like wfuzz), allows specifying an extension list, can filter by several different criteria (response code, response size, number of words, etc.), and allows recursive „fuzzing“ :wink: