• Home
  • About Us
  • General
  • Wireless
  • Web
  • Scanning
  • Metasploit
  • Hacking Courses
    • OSCP
    • The Virtual Hacking Labs
    • Certified Ethical Hacker (CEH)
    • Hacking Books
  • More
    • Exploit tutorials
    • Pentesting Exchange
    • Networking
    • Malware Analysis
    • Hacking Metasploitable 2/3
    • Digital Forensics
  • Contact
Facebook Twitter Instagram
Trending
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
  • Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
  • Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
  • Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Facebook Twitter YouTube Tumblr Instagram Pinterest
Hacking Tutorials
  • Home
  • About Us
  • General
  • Wireless
  • Web
  • Scanning
  • Metasploit
  • Hacking Courses
    • OSCP
    • The Virtual Hacking Labs
    • Certified Ethical Hacker (CEH)
    • Hacking Books
  • More
    • Exploit tutorials
    • Pentesting Exchange
    • Networking
    • Malware Analysis
    • Hacking Metasploitable 2/3
    • Digital Forensics
  • Contact
Hacking Tutorials
You are at:Home » Metasploit Tutorials » Websploit Directory Scanner – Scanning webserver directories
Websploit Directory Scanner

Websploit Directory Scanner – Scanning webserver directories

1
By Hacking Tutorials on June 7, 2015 Metasploit Tutorials, Web Applications

In the next few tutorials I will explain how to use the different Websploit modules. WebSploit is an open source project for web application assessments. In this tutorial we will be using the websploit directory scanner module and we will add some custom directories. Websploit directory scanner is a script which scans webservers for directories listed in the script and tells you they exist or not.

Due to many errors generated by the script, mostly 400 Bad Request errors on existing directories, I have edited the script. the issues causing the 400 Bad Request errors have been fixed now. I’ve also added a verbosity option so you can choose whether you just want to see existing directories or errors too. Code 302 Found is coloured green now instead of yellow. The new script can be downloaded here (save as):

directory_scanner.py (120574 downloads)

 

Replace the script in the following directory in Kali Linux:

/usr/share/websploit/modules/directory_scanner.py

Websploit Directory Scanner

Let’s open a terminal and start Websploit with the following command:

websploit

Websploit start

Use the following command to view the list of available Websploit modules:

show modules

Websploit Modules

Module web/dir_scanner scans the target for common web directories. Use the following command to set web/dir_scanner:

use web/dir_scanner

Use the following command to show available options for the used module:

show options

Websploit show options

Use the following command to set the target:

set target [url]

And the following command to set the verbosity level:

set verbosity 1

Verbosity 0 = Show found directories (302 found and 200) only
Verbosity 1 = Show all

Now type Run to run the module against the selected target:

run

Websploit run directory scanner

Adding custom directories to Websploit Directory Scanner

Open the following file:

/usr/share/websploit/modules/directory_scanner.py

Add your directories to the following lines:

websploit directory Scanner custom dirs

Make sure you use this format: ‘/wp-admin/’,

Websploit Directory Scanner Video Tutorial


Thanks for watching and please subscribe to my YouTube channel :)

 

If you’re interested in learning more about web penetration testing you can follow any of these online courses:


Online Hacking Courses


Web Penetration Tester

You will learn hacking tools, methodologies and techniques. This is a both practical and theoretical step-by-step course. Read more…

How to be an Independent security researcher

If you are a web developer, Bug Hunter or any it security researcher then this course will be very help full.
Read more…

Share on:

  • Email
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleHow to hack a WordPress website with WPScan
Next Article Installing VPN on Kali Linux

Related Posts

Installing Rogue-jndi on Kali Linux

Log4Shell VMware vCenter Server (CVE-2021-44228)

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations

1 Comment

  1. Omar on June 12, 2015 11:10 am

    Great tutorial thanks for the download.

    Reply

Leave A Reply Cancel Reply

Top Tutorials
By Hacking TutorialsOctober 29, 20220

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

By Hacking TutorialsJanuary 10, 20220

Installing Rogue-jndi on Kali Linux

By Hacking TutorialsDecember 17, 20210

Log4Shell VMware vCenter Server (CVE-2021-44228)

By Hacking TutorialsSeptember 27, 20210

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw

By Hacking TutorialsFebruary 4, 20200

CVE-2019-19781: Citrix ADC RCE vulnerability

By Hacking TutorialsNovember 1, 20188

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations

Subscribe

Enter your email address to subscribe to Hacking Tutorials and receive notifications of new tutorials by email.

Join 828 other subscribers
Recent Tutorials
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
Virtual Hacking Labs
Penetration Testin Course and Hacking Labs
Categories
  • Digital Forensics
  • Exploit tutorials
  • General Tutorials
  • Hacking Books
  • Hacking Courses
  • Malware Analysis Tutorials
  • Metasploit Tutorials
  • Networking
  • Pentesting Exchange
  • Scanning Tutorials
  • Web Applications
  • Wifi Hacking Tutorials
Downloads
  • directory_scanner.py (120574 downloads)
  • PEiD-0.95-20081103.zip (111427 downloads)
  • wifi_jammer.py (138172 downloads)
Recent Tutorials
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
  • Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
Popular Tutorials
By Hacking TutorialsSeptember 1, 2016115

Review: Offensive Security Certified Professional (OSCP)

By Hacking TutorialsApril 18, 201738

Exploiting Eternalblue for shell with Empire & Msfconsole

By Hacking TutorialsMarch 17, 201637

Installing VPN on Kali Linux 2016 Rolling

Featured Downloads
  • directory_scanner.py (120574 downloads)
  • PEiD-0.95-20081103.zip (111427 downloads)
  • wifi_jammer.py (138172 downloads)
© Hacking Tutorials 2022

Type above and press Enter to search. Press Esc to cancel.

Go to mobile version