Websploit Directory Scanner
Websploit is a tool that is used to directory Scanner and files on a web server. It is designed to allow users to discover and enumerate files and directories that may be accessible on a web server, but are not intended to be publicly accessible.
This can be useful for identifying potential vulnerabilities or for finding sensitive information that may be stored on the server.
Websploit is typically used by security professionals or hackers to identify and exploit weaknesses in a web server or website.
It is important to note that using Websploit or any other tool to scan or access directories or files on a web server without permission is generally considered unethical and may be illegal in some jurisdictions.
- Metasploitable 3 Installation Guide
- Exploit Pack – Penetration Testing Framework
- Kali Linux Training Free || Kali Linux Complete Course Free Download
In the next few tutorials I will explain how to use the different Websploit modules. WebSploit is an open source project for web application assessments. In this tutorial we will be using the websploit directory scanner module and we will add some custom directories.
Websploit directory scanner is a script which scans webservers for directories listed in the script and tells you they exist or not.
Due to many errors generated by the script, mostly 400 Bad Request errors on existing directories, I have edited the script. the issues causing the 400 Bad Request errors have been fixed now.
I’ve also added a verbosity option so you can choose whether you just want to see existing directories or errors too. Code 302 Found is coloured green now instead of yellow. The new script can be downloaded here (save as):
directory_scanner.py (85141 downloads)
Replace the script in the following directory in Kali Linux:
/usr/share/websploit/modules/directory_scanner.py
To use the Websploit Directory Scanner to scan directories on a web server, you will need to have Websploit installed on your computer and be connected to the internet.
- Open Websploit.
- From the main menu, select the “Web Server Scanner” option.
- Enter the URL of the web server that you want to scan in the “Target” field.
- Select the “Directory Scanner” option from the list of available scan options.
- Click the “Start Scan” button to begin the scan.
Websploit will then scan the directories on the web server and display a list of the directories that it has found. You can then click on any of the directories to view its contents or further scan it for files.
It is important to note that Websploit is only intended for use on systems that you have permission to scan. Using Websploit or any other tool to scan or access directories or files on a web server without permission is generally considered unethical and may be illegal in some jurisdictions.
Websploit Directory Scanner
Let’s open a terminal and start Websploit with the following command:
websploit
Use the following command to view the list of available Websploit modules:
show modules
Module web/dir_scanner scans the target for common web directories. Use the following command to set web/dir_scanner:
use web/dir_scanner
Use the following command to show available options for the used module:
show options
Use the following command to set the target:
set target [url]
And the following command to set the verbosity level:
set verbosity 1
Verbosity 0 = Show found directories (302 found and 200) only
Verbosity 1 = Show all
Now type Run to run the module against the selected target:
run
Adding custom directories to Websploit Directory Scanner
Open the following file:
/usr/share/websploit/modules/directory_scanner.py
Add your directories to the following lines:
Make sure you use this format: ‘/wp-admin/’,