Scanning Hidden Directories


Not all websites make it easy by publishing everything in sitemap.xml or robots.txt. Sometimes you have to use some nifty tools to sniff out hidden directories. Below is a simple guide on how you can do this.

The first tool you can use is called Dirsearch:

git clone https://github.com/maurosoria/dirsearch
cd dirsearch
python3 dirsearch.py -u [url:port] -e [extension: php,asp,html]

Dirsearch is a neat tool that lets you quickly search for hidden directories. It will fill up your terminal, though.

If you don't want to scroll through all the output, you can redirect it to a file using:

python3 dirsearch.py -u http://……..:443 -e php,asp,html,js -R 5 > file.txt

The -R 5 is the recursion level. If you use -r, its level is 1 by default.

OWASP DirBuster

https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

DirBuster is a GUI tool which does most of the heavy lifting for you. It has a massive set of wordlists that it can use, which will be under /usr/share/wordlists/dirbuster/

Be careful which options you choose though as this tool can be heavy duty. Start off small first and then ramp up if needed. If you choose to flood it, the scan could take days.

GoBuster

https://github.com/OJ/gobuster

apt-get install gobuster
gobuster -u [URL] -w [wordlist]

GoBuster is a straightforward tool that can help you find hidden directories.
You simply select your site and wordlist and it does the rest.
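
All three tools above work by requesting a long list of candidate paths, so on the server side a scan shows up as a burst of 404 responses for many different paths from one client. The following is an added example, not part of the original post or of any of these tools: a small detector for that pattern in a web server access log. The Combined Log Format, the thresholds and the sample log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_scanners(lines, window_s=10, min_distinct_404=5):
    """Map each client IP to its peak count of distinct 404 paths inside any
    window_s-second window, for clients that reach min_distinct_404."""
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent 404s
    flagged = {}
    window = timedelta(seconds=window_s)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparseable line, or not a miss
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # drop misses older than the window
            q.popleft()
        distinct = len({path for _, path in q})
        if distinct >= min_distinct_404:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def sample_log():
    """Constructed log lines: one client walking a wordlist, one normal visitor."""
    words = ["admin", "backup", "config.php", "login.asp", "old", "test.html", ".git"]
    lines = [
        f'203.0.113.7 - - [10/Mar/2024:12:00:{i:02d} +0000] "GET /{w} HTTP/1.1" '
        f'{"200" if w == "admin" else "404"} 153 "-" "-"'
        for i, w in enumerate(words)
    ]
    lines += [
        '198.51.100.20 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
        '198.51.100.20 - - [10/Mar/2024:12:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "-"',
    ]
    return lines

if __name__ == "__main__":
    for ip, count in find_scanners(sample_log()).items():
        print(f"{ip}: {count} distinct 404 paths within 10s")
```

Counting distinct paths rather than raw 404s keeps a visitor who repeatedly hits one missing file (a favicon, for example) from being flagged.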
