# Find hidden files and directories

### TLDR <a href="#tldr" id="tldr"></a>

```
# Dirb
dirb https://192.168.1.101

# Gobuster - remove relevant responde codes (403 for example)
gobuster -u http://192.168.1.101 -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e
```

### About <a href="#about" id="about"></a>

There is essentially no way for a user to know which files are found in which directories on a web-server, unless the whole server has directory listing by default. However, if you go directly to the page it will be shown. So what the attacker can do is to brute force hidden files and directories. Just test a bunch of them. There are several tools for doing this. The attack is of course very noisy and will show up fast in the logs.

#### Dirb <a href="#dirb" id="dirb"></a>

This is a really easy tool to use:

```
dirb http://target.com
```

#### Dirbuster <a href="#dirbuster" id="dirbuster"></a>

It is a GUI You start it with:

```
dirbuster
```

#### OWASP ZAP <a href="#owasp-zap" id="owasp-zap"></a>

Insert your target. Add it to the context Click the plus-sign Click on Forced Browse

#### Wfuzz <a href="#wfuzz" id="wfuzz"></a>

You can find the manual by typing:

```
wfuzz -h
```

```
wfuzz -c -z file,/root/.ZAP/fuzzers/dirbuster/directory-list-2.3-big.txt --sc 200 http://pegasus.dev:8088/FUZZ.php
```

#### Gobuster <a href="#gobuster" id="gobuster"></a>

```
# Gobuster - remove relevant responde codes (403 for example)
gobuster -u http://192.168.1.101 -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e
```

### WAF - Web application firewall <a href="#waf---web-application-firewall" id="waf---web-application-firewall"></a>

It might be that dirb shows you 403 errors, instead of the expected 404. This might mean that there is a WAF protecting the site. To get around it we might have to change our request header to it looks more like a normal request.

```
dirb http://target.com -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
```

[<br>](https://sushant747.gitbooks.io/total-oscp-guide/content/sql-injections.html)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cybermuhdupa.gitbook.io/total-oscp-guide/vulnerability-analysis/http-web-vulnerabilities/common-web-services/waf-web-application-firewall/find-hidden-files-and-directories.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.