Difference between revisions of "OWASP/Training/OWASP DirBuster Project"

From OWASP
Jump to: navigation, search
Line 17: Line 17:
 
By helping developers understand that by simply not linking to a page does not mean it can not be accessed.  
 
By helping developers understand that by simply not linking to a page does not mean it can not be accessed.  
 
<br><br>
 
<br><br>
Latest version of DirBuster can be downloaded from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download here] <br>  
+
| Material =
and feature list can be viewed from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Features here]
+
<br>
| Material = [http:// TBD]
+
*Latest version of DirBuster can be downloaded from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download here] <br>  
 +
*and feature list can be viewed from [http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Features here]
 
}}
 
}}

Revision as of 12:11, 5 May 2010

MODULE
OWASP DirBuster Project
Overview & Goal
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.


The goal of this project is to produce a tool which will assist in black box application testing, by trying to find hidden content. The project ensures that the tool produced provides information in such a way that any false positives produce can be quickly identified.

Contents Materials

  • What DirBuster can do for you?

Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

  • What DirBuster will not do for you?

Exploit anything it finds. This is not the purpose of DirBuster. DirBuster sole job is to find other possible attack vectors.

  • How does DirBuster help in the building secure applications?

By finding content on the web server or within the application that is not required. By helping developers understand that by simply not linking to a page does not mean it can not be accessed.


  • Latest version of DirBuster can be downloaded from here
  • and feature list can be viewed from here