Subtitle:
How I built my own version of Gobuster to find sensitive hidden paths on web servers.
[Intro]
Hello Hackers! ๐
After building a Subdomain Scanner, the next logical step in Reconnaissance is Directory Busting.
Finding the domain is just the beginning. The real treasure (like /admin, /backup, /config) hides deep inside the server directories.
Tools like Gobuster and Dirb are great, but I wanted to understand the logic behind them. So, I coded my own Directory Buster using Python.
[The Logic: HTTP Status Codes] ๐ฆ
The script works by brute-forcing URL paths. It sends a request for every word in a wordlist. The key lies in the Response Code:
- 200 OK: โ The file exists (Jackpot!).
- 403 Forbidden: ๐ซ The file exists but is protected (Even more interesting!).
- 404 Not Found: โ Nothing here.
My script filters out the 404s and only shows the valid paths.
[The Source Code] ๐ป
Here is the script dir_buster.py:
import requests
import sys
print("-" * 50)
print(" Akhil's Directory Buster ")
print("-" * 50)
target_url = input("Enter Target URL: ").strip()
wordlist = "/usr/share/wordlists/dirb/common.txt"
try:
with open(wordlist, "r") as file:
directories = file.read().splitlines()
except FileNotFoundError:
print("[!] Wordlist not found.")
sys.exit()
print(f"\n[*] Scanning {target_url}...\n")
for dir_name in directories:
if not dir_name or dir_name.startswith('#'):
continue
full_url = f"{target_url}/{dir_name}"
try:
response = requests.get(full_url, timeout=2)
if response.status_code == 200:
print(f"[+] Found (200): {full_url}")
elif response.status_code == 403:
print(f"[*] Forbidden (403): {full_url}")
except:
pass
print("\n[*] Scan Complete!")"Important โ this code is work on linux terminal because of path โ "/usr/share/wordlists/dirb/common.txt"
[Results] ๐
I tested this on testphp.vulnweb.com and it successfully found:
/admin(The login panel)/images(Directory listing enabled)/CVS(Source code exposure)
This tool is now a permanent part of my Recon Toolkit. Happy Hacking! ๐