1
00:00:00,420 --> 00:00:05,830
OK, so the next web application scanning tool that we're going to use is called Directory Buster.

2
00:00:06,060 --> 00:00:09,630
So in Kali Linux the tool is called dirb.

3
00:00:09,740 --> 00:00:15,570
Well, that's Directory Buster pretty much shortened, and it's going to pretty much

4
00:00:15,570 --> 00:00:20,000
enumerate or gather directories that exist on a web server.

5
00:00:20,610 --> 00:00:26,360
So dirb is very powerful and it can actually discover, you know, directories and files that weren't

6
00:00:26,370 --> 00:00:29,550
meant to be public and you could potentially exploit them.

7
00:00:29,580 --> 00:00:31,450
So let's go check out how to use dirb real quick.

8
00:00:31,560 --> 00:00:33,200
So we're in our Kali Linux machine.

9
00:00:33,210 --> 00:00:34,740
We open up the laptop.

10
00:00:34,770 --> 00:00:38,270
So let's go ahead and just try the dirb command, so dirb.

11
00:00:38,520 --> 00:00:48,260
And then we're going to be calling this for the IP address of our Metasploitable machine.

12
00:00:48,570 --> 00:00:53,820
And then we're going to do, actually, we're just going to do, just to make it not take forever,

13
00:00:53,850 --> 00:00:59,250
we're going to do the specific app that we're, you know, attacking, so the Damn Vulnerable Web App.

14
00:00:59,250 --> 00:01:01,020
So DVWA.

15
00:01:01,410 --> 00:01:09,550
And then we're going to use /usr/share/wordlists/dirb/common.txt.

16
00:01:10,320 --> 00:01:18,540
So this is pretty much a link to a word list that has a bunch of different various names of directories

17
00:01:18,720 --> 00:01:20,970
separated by, you know, lines.

18
00:01:20,970 --> 00:01:22,410
So one on each line.

19
00:01:22,740 --> 00:01:27,480
And when we put this argument here, it's going to pass in each one of these.

20
00:01:27,480 --> 00:01:32,040
And dirb is going to use this list to look for those directories and see if they're actually there.

21
00:01:32,430 --> 00:01:35,570
So hit enter and just let it run and it's going to scan.

22
00:01:35,580 --> 00:01:42,750
So as you can see, it's going through and it's trying to see if it could find some of the stuff there.

23
00:01:42,990 --> 00:01:48,140
So it says right here, hey, it found actually 15 of the directories.

24
00:01:48,160 --> 00:01:53,940
You see, like, if we got like a 200 response, usually that means, you know, it's good, it's

25
00:01:53,940 --> 00:01:57,270
a good HTTP code because it was accepted, I mean, that the page exists.

26
00:01:57,840 --> 00:02:00,620
So it did find some directories out of that list.

27
00:02:00,870 --> 00:02:06,630
And another thing that you can do, like if you know, for example, that it's an Apache server, you

28
00:02:06,630 --> 00:02:09,570
can actually just look at, you can run these different lists.

29
00:02:09,810 --> 00:02:21,980
So if you ls /usr/share/wordlists/dirb/vulns/

30
00:02:22,200 --> 00:02:30,330
and then just enter, and you'll see it has a lot of different lists already in here. There's Tomcat,

31
00:02:30,360 --> 00:02:35,850
Apache. So like, you know, if it's an Apache server, you can run it against the common Apache directories

32
00:02:35,850 --> 00:02:36,960
and look for those.

33
00:02:37,510 --> 00:02:38,280
It's pretty useful.

34
00:02:39,000 --> 00:02:45,120
So this is definitely a tool that you want to use, and then you can start to browse to, you know,

35
00:02:45,120 --> 00:02:49,130
some of these right here and see kind of like what's going on.