Greetings everyone! Hope everything is going well. Today we will look at techniques and tools that help discover the content, directories and subdomains of our target. Every website has some hidden directories and paths, as well as subdomains and Wayback URLs, which help a penetration tester and make everything easier.
So, let's find out some interesting content from our target. We are going to use some interesting tools, as below:
dirsearch
waybackurl
Sublist3r
relative-url-extractor
dirsearch:
Dirsearch is a tool written in Python used to brute-force hidden web directories and files, which helps a penetration tester find more sensitive information about the target. It is a CLI-based tool. How to use:
Setup & download: GitHub: https://github.com/maurosoria/dirsearch
To set up dirsearch:
Open your terminal:
-> git clone https://github.com/maurosoria/dirsearch.git
-> cd dirsearch
After successful installation, let's find the hidden directories of our target.
Assume we have the target www.abc.com; in this example:
→ Our target: https://securiumsolutions.org
Now run the command: → python dirsearch.py -u https://securiumsolutions.org -e aspx,json,php,xml,txt
Here -u defines the target URL and -e defines the extensions we are going to brute-force, for example when we need content with the extensions php, aspx and xml.
As the picture above shows, we have found some sensitive directory paths on the target along with their response codes. Dirsearch helps a penetration tester find directory paths during the testing phase.
Waybackurl:
Waybackurls fetches known URLs from the Wayback Machine for *.domain and outputs them on stdout. The Wayback Machine stores URLs of our target, and waybackurls returns as its result a list of all the URLs that the Wayback Machine has stored.
How to use:
Download & setup: https://github.com/tomnomnom/waybackurls
Make sure you have installed Golang: -> go get github.com/tomnomnom/waybackurls
Usage: -> cat domains.txt | waybackurls > urls
Here we are going to use a Python script which helps find all possible URLs from the Wayback Machine. Download the
Python script from here and save the code as -> wayback.py
-> chmod +x wayback.py
-> python wayback.py yourtarget
Now, as the picture above shows, we used the Python script to extract all possible Wayback URLs from archive.org. The output is saved in JSON format inside our wayback folder.
As a result we found some of the URLs of our target that were extracted from the Wayback Machine. It is a good tool for penetration testers & bug bounty hunters to collect possible sensitive information about the target.
Sublist3r:
Sublist3r is a very important tool for penetration testers & bug bounty hunters which helps us find all possible subdomains of our target. It finds subdomains using search engines like Google, Bing, Yahoo, Baidu and Ask. It was developed to enumerate subdomains of websites using OSINT.
Usage of Sublist3r: Download & setup: https://github.com/aboul3la/Sublist3r
-> git clone https://github.com/aboul3la/Sublist3r.git
-> sudo pip install -r requirements.txt
To run Sublist3r, open your terminal and run the command: -> ./sublist3r.py
→ ./sublist3r.py -d example.com
We used -d, which refers to the domain we are going to target.
As the picture above shows, as a result we have found all possible subdomains of our target.
Now, to enumerate the subdomains of a specific domain and show only the subdomains which have ports 80 and 443 open, we can specify the ports for the subdomains of our target (the port list is comma-separated, with no spaces):
-> ./sublist3r.py -d example.com -p 80,443
As the picture above shows, we looked for all subdomains of our target with services on ports 80 and 443; we can also specify different ports. Sublist3r is a very useful tool for finding subdomains, and it helps find all possible subdomains in a short period of time.
Relative-url-extractor:
This tool is helpful for getting a quick overview of all the relative endpoints in a file. It contains a nifty regular expression to find and extract the relative URLs in such files from the target.
Usage of relative-url-extractor:
Download & setup: https://github.com/jobertabma/relative-url-extractor
→ git clone https://github.com/jobertabma/relative-url-extractor
→ curl -s www.target.com | ./extract.rb
Now it will find all relative URL paths from our target, as in the picture below.
As the picture above shows, we have found all possible URL paths from our target; we piped the fetched page into the tool to extract the relative URLs. Relative-url-extractor is a very good tool for penetration testers and bug bounty hunters, helping us find more information about our target.
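As an added example (not part of the original post and not the tool's own Ruby code), the same idea in Python: a regular expression pulls quoted relative paths out of a page fragment, de-duplicates them and resolves them against the URL the page was fetched from, which gives a quick inventory of the endpoints a site exposes in its client-side code. The sample page and the base URL are constructed placeholders.

```python
import re
from urllib.parse import urljoin

# Constructed sample input: the kind of HTML/JavaScript that "curl -s" of a page returns.
SAMPLE_PAGE = """
<script src="/static/app.js"></script>
<a href="/admin/login">Admin</a>
fetch("/api/v1/users?id=1");
var base = "/api/v1/";
$.get('../internal/config.json');
<link href="https://cdn.example.com/lib.css">
<script src="//cdn.example.com/jquery.js"></script>
<img src="/static/app.js">
"""

# A quoted string starting with "/" or "../" that contains no whitespace, quotes or angle
# brackets. The lookahead (?!//) rejects protocol-relative URLs such as "//cdn.example.com",
# which point at other hosts rather than at paths on the site being reviewed.
RELATIVE_URL_RE = re.compile(r"""["'](?P<path>(?!//)(?:/|\.\./)[^"'\s<>]*)["']""")


def extract_relative_urls(text):
    """Return the distinct relative paths found in text, in first-seen order."""
    seen = set()
    paths = []
    for match in RELATIVE_URL_RE.finditer(text):
        path = match.group("path")
        if path not in seen:
            seen.add(path)
            paths.append(path)
    return paths


def resolve_paths(paths, base_url):
    """Turn relative paths into absolute URLs against the page they were found in,
    so that "../" segments are normalised the way a browser would resolve them."""
    return [urljoin(base_url, p) for p in paths]


if __name__ == "__main__":
    # Placeholder base URL standing in for the page that was fetched.
    found = extract_relative_urls(SAMPLE_PAGE)
    for url in resolve_paths(found, "https://www.target.com/app/index.html"):
        print(url)
```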
So, today we have discussed some of the techniques and tools which help us discover the content of our target, such as directories, paths, subdomains, Wayback URLs and URLs extracted using a regex.
Author: Pallab Jyoti Borah, VAPT analyst