Path Enumeration

Discover existing files and directories of a web site by requesting candidate paths taken from a wordlist and keeping those the server answers for.


gobuster -k -l -e -r -u [URL] -w [/path/to/wordlist] -a 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' -o [/path/to/output/logfile]

With gobuster 3.x the same options go after the dir sub-command: gobuster dir -u [URL] -w [/path/to/wordlist] ...

Option                  Description
-u [URL]                Target URL
-w [/path/to/wordlist]  Wordlist to use
-o [file]               Write the results to a file
-k                      Skip SSL certificate verification
-l                      Include the length of the body in the output
-e                      Expanded mode, print full URLs
-r                      Follow redirects
-a string               Set the User-Agent string (default gobuster X.X.X)

Use the following additional options when required:

Additional Option Description
-p http(s)://host:port Proxy to use for requests
-c string Cookies to use for the requests
-U string Username for Basic Auth
-P string Password for Basic Auth

If the site requires client certificate authentication, either relay the requests through an intercepting proxy (such as Burp or ZAP) that presents the certificate, or use dirb with -E.


dirb <base URL> [wordlist] -o <output file>

The wordlist is the second positional argument; when omitted, dirb uses its own common.txt.

Option          Description
-o <file>       Save the output to a file
-a <string>     User-Agent string (default is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1))
-r              Don't search recursively (by default dirb recurses into every directory it finds)
-R              Interactive recursion (ask before descending into each directory)
-E <cert.pem>   Use a client certificate to authenticate (PEM file containing both the private key and the certificate)

Prefer gobuster over dirb when possible, as the latter is considerably slower: dirb sends its requests one at a time, whereas gobuster runs them concurrently (10 threads by default, adjustable with -t).
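Because the two tools print their findings in different formats, merging a gobuster run with a dirb run (or feeding the directories found into a second, non-recursive gobuster pass) means normalising their output first. The script below is an added example, not part of the original page nor of either tool; the sample gobuster (-e, expanded mode) and dirb outputs and the host target.example are constructed for it.

```shell
#!/bin/sh
# Added example: normalise gobuster and dirb output into "URL STATUS SIZE KIND"
# lines so results from both tools can be merged, then list the directories found,
# which is the input for a second round of gobuster (gobuster does not recurse on
# its own, dirb does unless -r is given). Sample outputs and host are constructed.

GOBUSTER_OUT='=====================================================
Gobuster v3.1.0
=====================================================
[+] Url:        http://target.example/
[+] Wordlist:   /usr/share/dirb/wordlists/common.txt
=====================================================
http://target.example/admin                (Status: 301) [Size: 312] [--> http://target.example/admin/]
http://target.example/index.html           (Status: 200) [Size: 10918]
http://target.example/robots.txt           (Status: 200) [Size: 43]
=====================================================
Finished
====================================================='

DIRB_OUT='-----------------
DIRB v2.22
-----------------
URL_BASE: http://target.example/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

---- Scanning URL: http://target.example/ ----
==> DIRECTORY: http://target.example/admin/
+ http://target.example/index.html (CODE:200|SIZE:10918)
+ http://target.example/server-status (CODE:403|SIZE:277)'

# gobuster -e prints "URL (Status: N) [Size: N] [--> redirect]"; a redirect to the
# same path with a trailing slash is how a directory shows up.
normalize_gobuster() {
    awk '/\(Status: [0-9]+\)/ {
        url = $1
        status = $0; sub(/.*\(Status: /, "", status); sub(/\).*/, "", status)
        size = "-"
        if (match($0, /\[Size: [0-9]+\]/)) size = substr($0, RSTART + 7, RLENGTH - 8)
        kind = ($0 ~ /\[--> [^ ]*\/\]/) ? "dir" : "file"
        print url, status, size, kind
    }'
}

# dirb prints "+ URL (CODE:N|SIZE:N)" for files and "==> DIRECTORY: URL/" for
# directories (no status or size for the latter, hence "-").
normalize_dirb() {
    awk '
    /^\+ / {
        s = $0; sub(/.*\(CODE:/, "", s); sub(/\).*/, "", s)
        split(s, f, "|"); size = f[2]; sub(/SIZE:/, "", size)
        print $2, f[1], size, "file"
    }
    /^==> DIRECTORY: / { print $3, "-", "-", "dir" }
    '
}

# Keep one line per URL (trailing slash ignored); whichever tool is fed first wins,
# so gobuster goes first because its lines carry status and size.
merge_results() {
    awk '{ key = $1; sub(/\/$/, "", key); if (!(key in seen)) { seen[key] = 1; print } }'
}

# Directories found, one per line with a trailing slash: pass each as -u to the
# next gobuster run.
list_directories() {
    awk '$4 == "dir" { u = $1; sub(/\/$/, "", u); print u "/" }' | sort -u
}

all_results() {
    { printf '%s\n' "$GOBUSTER_OUT" | normalize_gobuster
      printf '%s\n' "$DIRB_OUT" | normalize_dirb; } | merge_results
}

all_results
echo "--- directories for the next round ---"
all_results | list_directories
```

On real runs replace the two constructed strings with the files written by gobuster -o and dirb -o; a 403 on a path that the other tool never reported (server-status above) is exactly the kind of finding that only shows up once both outputs are merged.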


Path enumeration only finds what the wordlist contains: a path absent from the list is never requested, so choose the wordlist for the target (web server, framework, application) rather than using the same one everywhere.

Wordlist                                Description
/usr/share/dirb/wordlists/common.txt    Very small (~4600 entries) but finds the most common files and directories
/usr/share/dirb/wordlists/big.txt       Large (~20500 entries)
/usr/share/dirb/wordlists/vulns/        Many wordlists dedicated to specific servers and applications (shipped with dirb)