Brute Force on the Web server by “dirb”
DIRB is a web content scanner. It is mainly used for dictionary-based attacks against a web server. If we want to brute-force directories or pages on a web server, this tool is very helpful. DIRB's main purpose is to help in professional web application auditing, especially in security-related testing. It comes preinstalled on Kali Linux. The dirb folder (/usr/share/wordlists/dirb) also contains some wordlists, and we can use our own wordlist as well.
In this blog, I am using my OWASP machine, whose IP address is 192.168.126.131.
Step 1: Execute dirb in a terminal.
Step 2:
To start a brute force, first select a wordlist. I selected one from the dirb folder: common.txt.
Then execute this command:
Syntax: dirb http://IpAddress wordlistLocation
Command:
dirb http://192.168.126.131 /usr/share/wordlists/dirb/common.txt
In the output, CODE 200 means that a directory/page was found.
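On the server side, a dictionary run like this shows up in the access log as one client requesting many distinct paths and mostly getting 404 back. The following is an added example, not part of the original post, that flags such clients; the combined log format, the thresholds, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format: Apache/Nginx combined access log.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_enumerators(lines, min_paths=5, min_404_ratio=0.7):
    """Flag clients that request many distinct paths and mostly receive 404.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    hits = defaultdict(list)  # ip -> [(path, status), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ip, path, status = m.groups()
        hits[ip].append((path.split("?", 1)[0], int(status)))

    flagged = {}
    for ip, reqs in hits.items():
        distinct = {p for p, _ in reqs}
        ratio = sum(1 for _, s in reqs if s == 404) / len(reqs)
        if len(distinct) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {
                "requests": len(reqs),
                "distinct_paths": len(distinct),
                "ratio_404": round(ratio, 2),
                # Paths that answered 200: what the scan actually discovered.
                "found": sorted({p for p, s in reqs if s == 200}),
            }
    return flagged

def _line(ip, path, status):
    # Builds one constructed log line; timestamp and size are placeholders.
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: 10.0.0.5 walks a wordlist, 10.0.0.9 browses normally.
SAMPLE_LOG = (
    [_line("10.0.0.5", p, 404) for p in ("/.bash_history", "/_admin", "/backup", "/cgi", "/db", "/old", "/test")]
    + [_line("10.0.0.5", "/index.php", 200), _line("10.0.0.5", "/images", 200)]
    + [_line("10.0.0.9", p, 200) for p in ("/index.php", "/css/site.css", "/index.php")]
    + [_line("10.0.0.9", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, stats in find_enumerators(SAMPLE_LOG).items():
        print(ip, stats)
```

The "found" list is the part to review first, since it shows which existing paths the scan confirmed.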