Monday, October 12, 2015

Find Hidden Website Folders

Here's a simple tool that finds hidden or commonly named website folders that aren't linked directly from the main page.

Download a brute force website scanner like dirs3arch

Run it against an ASP website
   python.exe dirs3arch.py -u mywebsitethatiownandcontrol.com -e asp

Or run it against a PHP website
   python.exe dirs3arch.py -u mywebsitethatiownandcontrol.com -e php

Watch as it discovers several pages that may or may not be of interest



Why might this be useful? Well, if you're a bad guy you probably want to know if there are hidden administrator pages, or you can use the existence of certain folders to determine what operating system, web environment, programming service, version, etc. the site is running so you know how to target it. If you're a good guy (like us), then you want to know what the bad guy is going to find so you can secure it and properly protect your website.
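On the good-guy side, a scan like this shows up in the web server's access log as one client requesting many paths that don't exist. The script below is an added example, not part of the original post or of dirs3arch: it flags such clients and lists the paths that did answer them, which is the list to review and lock down. It assumes Combined Log Format; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_scanners(lines, min_misses=5, miss_ratio=0.7):
    """Return {ip: sorted paths that did NOT 404} for clients that look like
    folder brute-forcers: many distinct 404 paths and a high miss ratio."""
    misses = defaultdict(set)   # ip -> distinct paths answered with 404
    hits = defaultdict(set)     # ip -> distinct paths answered with anything else
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # skip malformed or non-GET/HEAD lines
        ip, path, status = m.group(1), m.group(2), m.group(3)
        # A 403 or 301 still tells the client the path exists, so it counts as a hit.
        (misses if status == "404" else hits)[ip].add(path)
    flagged = {}
    for ip, missed in misses.items():
        total = len(missed) + len(hits[ip])
        if len(missed) >= min_misses and len(missed) / total >= miss_ratio:
            flagged[ip] = sorted(hits[ip])
    return flagged

def _line(ip, path, status):
    # Helper that builds one constructed log line for the sample below.
    return f'{ip} - - [12/Oct/2015:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log: documentation IP ranges and made-up paths.
SAMPLE = (
    [_line("203.0.113.7", p, 404) for p in
     ("/admin.php", "/backup.php", "/config.php", "/old.php", "/test.php", "/tmp.php")]
    + [_line("203.0.113.7", "/login.php", 200), _line("203.0.113.7", "/uploads/", 403)]
    + [_line("198.51.100.20", p, 200) for p in ("/", "/index.php", "/about.php")]
    + [_line("198.51.100.20", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, found in find_scanners(SAMPLE).items():
        print(f"{ip} looks like a folder scan; paths it found: {found}")
```

To run it on a real log, pass an open file object in place of `SAMPLE` and tune the two thresholds to the site's normal 404 rate.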

General reminder that this demonstration was for educational and awareness purposes and should not be used for malicious activities.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
