How To Work With OWASP DirBuster


Mapping phishing pages is crucial for detecting and mitigating potential security risks. OWASP Dirbuster, a powerful tool available in Kali Linux, can help identify hidden directories and files on a target website. In this article, we will explore how to use OWASP Dirbuster in Kali Linux for mapping phishing pages.



Step 1: Launching Kali Linux and Opening OWASP Dirbuster

  1. Start Kali Linux and open the terminal.
  2. Type the command “dirbuster” to launch OWASP Dirbuster.

Step 2: Create your own wordlist

It is important to be effective, so that you do not waste time on paths that will not give you any results. Try to get a good understanding of the phishing kit or the scam page you are trying to map. Keep previously found paths and add them to your knowledge base (wordlists). For example:

admin
login
pay
payment

You can save this wordlist as mywordlist_for_phishing_attacks.txt.
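
One way to keep that knowledge base current, as an added example that is not part of the original article: the Python script below merges path segments from previously found URLs into the existing wordlist, with the most frequently seen new names first. The sample URLs, the example.test hosts and the function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, unquote

# Constructed sample data: the wordlist from this step and URLs noted during
# earlier investigations (the example.test hosts are placeholders).
EXISTING = ["admin", "login", "pay", "payment"]
FOUND_URLS = [
    "http://kit-a.example.test/secure/login/index.php?id=1",
    "http://kit-b.example.test/secure/pay/",
    "https://kit-c.example.test/Secure/panel/%61dmin/",
    "http://kit-d.example.test/secure/../panel/results.txt",
]

def segments(url):
    """Return the distinct path segments of one URL, query string dropped."""
    path = unquote(urlsplit(url).path)  # decode %61dmin -> admin
    seen = []
    for part in path.split("/"):
        part = part.strip()
        if part and part not in (".", "..") and part not in seen:
            seen.append(part)
    return seen

def merge_wordlist(existing, found_urls):
    """Append new segments to the wordlist, most frequently seen first."""
    counts = Counter()
    for url in found_urls:
        counts.update(segments(url))  # one vote per URL per segment
    known = set(existing)
    new = [s for s in counts if s not in known]
    # Stable sort: ties keep the order in which segments were first seen.
    new.sort(key=lambda s: -counts[s])
    return list(existing) + new

def save_wordlist(entries, path="mywordlist_for_phishing_attacks.txt"):
    """Write one entry per line, the layout used for the list above."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(entries) + "\n")

if __name__ == "__main__":
    for entry in merge_wordlist(EXISTING, FOUND_URLS):
        print(entry)
```

Segments are kept case-sensitive ("secure" and "Secure" stay separate entries) because many web servers treat paths as case-sensitive.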

Step 3: Configuring OWASP Dirbuster

  1. In the OWASP Dirbuster GUI, enter the target website URL in the “Target URL” field.
  2. If needed, specify the desired port number in the “Port” field (e.g., 80 for HTTP, 443 for HTTPS).
  3. Choose the “Directory List” option, which contains a list of common directory names to test.
  4. Select the desired “Thread Count” to determine the number of simultaneous connections.
  5. Enable or disable options like “Follow redirects” and “Use HTTPS.”

Step 4: Starting the Scan

  1. Click the “Start” button to initiate the scanning process.
  2. OWASP Dirbuster will begin enumerating directories and files on the target website.

Step 5: Analyzing the Results

  1. Once the scan is complete, OWASP Dirbuster will display a list of discovered directories and files.
  2. Analyze the results to identify potential phishing pages or suspicious directories.
  3. Look for directory or file names that resemble popular services or login pages, such as “login,” “banking,” or “paypal.”
  4. Note down any findings that require further investigation.

OWASP Dirbuster, a powerful tool available in Kali Linux, helps in mapping phishing pages by identifying hidden directories and files. By following the steps outlined in this article, you can effectively use OWASP Dirbuster to detect and mitigate potential phishing threats.

Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.
