Discover hidden files & directories on a webserver - dirsearch full tutorial.

Video Index
00:00 - 00:22 - Channel Intro
00:23 - 01:17 - Intro to dirsearch
01:18 - 01:30 - Channel disclaimer
01:31 - 02:51 - Tool background and concepts
02:52 - 04:01 - Installation notes & guidelines
04:02 - 07:14 - General comparison between tools & note on wordlists
07:15 - 08:26 - Setup details
08:27 - 09:50 - Basic scan demonstration
09:51 - 12:25 - Extension specific scans
12:26 - 17:29 - Customizing wordlist dictionary & filtering http response codes
17:30 - 19:10 - Specifying HTTP methods for discovery
19:11 - 22:30 - Timing & speed throttling options
22:31 - 25:19 - Recursive scan of directories
25:20 - 28:06 - Adding cookies for deeper scanning
28:07 - 31:20 - Saving results & creating scan reports
31:21 - 32:05 - Outro & Thanks

In this detailed tutorial for the tool dirsearch, we explore and explain in depth the available options for discovering content on a web server, be it files or directories. dirsearch is fully capable of performing in-depth and comprehensive directory and file discovery on a web server hosting a web application.

For #pentest & #bugbounty hunting, we perform various discovery stages from passive to active, but at a certain point it becomes necessary to discover interesting content such as hidden files/backups, administrative panels or other locations that may hold sensitive information not intended for regular users, and to check and verify whether there is any misconfiguration that can lead to information disclosure or, in the worst case, authentication & authorization bypass. For a web application developer, it becomes important to assess and ensure that the application maintains consistency in its checks and measures to prevent access to certain important files or directories. #server hardening also plays an important part in securing the same.

We are thankful to @maurosoria & @shelld3v for creating this awesome #scanner #dirsearch, which has multiple flexible options for controlling almost all aspects of an HTTP request with speed and efficiency. This tool is valuable for #pentesting engagements. We are confident that dirsearch will help penetration testers and bug hunters help their clients enhance their application security, or #appsec as it is commonly referred to.

Please like, subscribe and comment on the video and let us know what you would like to see in the upcoming videos. We are constantly working to bring you quality educational content in the future.

DISCLAIMER : The contents and the demonstration shown in this video are solely for the purpose of testing a web application and securing it against any malicious attacks. The creator does not take any responsibility for misuse of the tool by others. If you are a penetration tester or a bug bounty researcher, we encourage you to thoroughly read and understand the engagement rules and tweak the tool accordingly and respect the platform rules.

dirsearch download link - https://github.com/maurosoria/dirsearch
seclists - https://github.com/danielmiessler/Sec...

Link to test sites by acunetix - http://testphp.vulnweb.com/ -- Thank you Acunetix.

If you are interested in learning to use the #nmap scanner the right way and exploring the #scanner to its optimal performance, we recommend that you have a look at and enroll in our Udemy course - "Network Security Auditing with nmap".

Course link - https://www.udemy.com/course/network-...

Contact us for best price and discount coupons
Website : https://evolutioninfosecure.in
Twitter: @evolutionsec
