February 2020
Beginner
544 pages
12h 40m
English
Content preview from Hunting Cyber Criminals
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
CHAPTER 7Directory Hunting
Inevitably on your quest to find information about a website, you will need to look for hidden (i.e., forgotten) treasures. The best way to do this is to look for random directories. If you have not tried this yet, you will be amazed at how much information people just forget about: webshells, PhPMyAdmin pages, folders with directory browsing and/or full read/write permissions, private files, and so much more. There are several ways to accomplish this. One is bruteforcing the target to find working directories, and the other is analyzing crawl data. This chapter will look at both.
Dirhunt
Dirhunt is a type of web crawler designed to search and analyze directories and folders within a web application. Dirhunt is not really a scraper, and it does not use bruteforce to find folders. Instead, Dirhunt checks a number of sources to find interesting files or folders, including Google and VirusTotal. Dirhunt is also designed to detect false 404 errors to minimize the number of false positives in your results.
The parameters of Dirhunt include:
-t, --threads INTEGER Number of threads to use-x, --exclude-flags TEXT Exclude results with these flags-i, --include-flags TEXT Only include results with these flags-e, --interesting-extensions TEXT Look for files with thefollowing extensions-f, --interesting-files TEXT The files with these names areinteresting--stdout-flags TEXT ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.