[00:00:01] OK, time to cover another tool used for website enumeration, which is called dirb. Now, this will be a rather quick video because this tool is not that big, but it is really useful. We use dirb to discover hidden directories on a website, or you can also consider it as a tool that is used to brute force directory names and see whether certain directory names exist on a website or if they don't.

[00:00:29] Now, as with almost any other tool that we use, we can run dirb straight from our terminal, and to open the help menu we can just type dirb, which will give us all of the available options that we can use with this tool. But since website enumeration is not the main part of the course, and we really want to get straight into Burp Suite, we'll just cover the basics of this tool, which you will probably always use like this. However, if you do want to, check out all of the other options to see what else you can do with dirb. But for this video, what we want to do is discover some hidden directories. And to do that, all we have to type is dirb, then http, then the IP address of our virtual machine.

[00:01:19] If we type it like this and press enter, it will start running without us specifying any other option whatsoever. And you can see that all of this output we get is discovered directories on the website right here. We can see how many generated words it created.
[00:01:37] And all of these words will be tested out as a possible directory on this website. Straight away, we managed to find some of them. As we can see, we have assets on the website. We have cgi-bin, we have crossdomain. And if you're wondering what this is in the brackets, this simply just gives us the code. And as we already know, code 200 means that the page loaded successfully, which also means that the page exists on that website. If it were to get some other code resulting in an error, then the tool would probably determine that that page does not exist. So it doesn't print it out right here.

[00:02:17] OK, so if we go all the way down, we can see that it already discovered a bunch of other directories. And what you would do is you would pretty much go through this and see whether you see anything interesting for us. For example, any administrator directory could possibly be interesting. Of course, if you find something that has passwords inside of its name, that would also be interesting, because you never know what the website developer put there. Maybe they forgot to remove a certain directory from the test phase and they left it right there, which could possibly have perhaps the source code or some additional information, such as users, or perhaps they made the entire database public.
[00:02:59] I mean, you never know. Even though it is rare, it can, and it does happen sometimes. So nonetheless, let's see to which point it got. It's still discovering directories, so I'm just going to stop this because I don't really need it to finish till the end.

[00:03:19] Instead, I also want to show you another option that you can use with dirb, since if you type a straight command like this, which is just dirb and then the IP address over HTTP, it will use its usual list that it always uses. But what you can do is specify your own list right after the IP address. You can do something like /usr/share/wordlists. And this is the path to wordlists in Linux. So it's slash usr, slash share, and then slash wordlists. And if you want to see all of the options that you have inside of this wordlists directory, you can press tab twice fast. And here you will be able to see all of these subdirectories of this wordlists directory. And since we are running dirb, let's go to the dirb subdirectory. And inside the dirb subdirectory, we have all of these files, and all of these text files are certain lists. Let's go with common.txt.
[00:04:23] Which I do believe is also run by default, but nonetheless, let us just see how we can use a specified wordlist of our choice. All you have to do is press enter, and it will pretty much do the same thing, just with your wordlist instead. It will try to find all of those directories and it will print out the ones that exist.

[00:04:46] And if you wanted to, for example, make sure that a certain directory exists, what you can do is copy any of these directories. For example, let's go with this one, which is slash images. You can go to your Firefox and visit it like this. And we do see that the images directory does exist on our own virtual machine. You can do so with any other as well, such as, for example, phpMyAdmin. Let's copy the link. And let's paste it right here. And it also loads the phpMyAdmin login screen.

[00:05:22] Now, all we have left to do is cover two more important tools. In the next video, we will cover nmap, which will pretty much be just the basics of nmap, because that is a huge tool. It has a bunch of options, and we're not getting into details with nmap. However, we'll cover some of the basics of it in the next video. And then in the next section, we're going to dive deep into a tool called.
[00:05:46] Now, why are we going through all of these previous tools with only basic options, while with Burp Suite we're going to go with advanced options? Well, it's pretty simple. Burp Suite is a tool that you will use for bug bounty. Its main purpose is to actually be used for bug bounty, whereas all of these tools that we covered by now you can use if you like, but you don't really have to; it's pretty much your choice nonetheless. More about Burp Suite in the next section. And let's focus now on nmap, which we will cover in the next video. See you there.