Closed CoolHandSquid closed 4 years ago
@CoolHandSquid
Are you looking to use the IP for subdomain enumeration? I ask because I am not sure that would work unless you add the IP to your /etc/hosts file, give the IP a domain name in the file, and then try to enumerate from there. If that doesn't work for you, I can look at adding subdomain brute-forcing functionality to the tool.
Also, if you want to use some of the other features of the tool on an IP and bypass the subdomain enumeration, you can add the IP address or addresses to a file and read the file into the tool with the -s flag and everything will still work.
Adding in utilization of a dirsearch-type tool would be huge. Possibly with a larger list of potential directories for the first level and then a small list for recursive searching. My recommendation is /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt as the larger list and /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt as the smaller one, because they are already built into older and newer versions of Kali at the same location.
@CoolHandSquid
So the functionality to brute-force directories is already there with the -D flag; that way you can choose which wordlist you would like, as I use different wordlists based on the application/target that I am going after. As a word of warning, if you are running this against an extensive list of subdomains or IPs, the time to scan will be significant.
I would have to look at the logic of how to run a second layer of testing against the directories that received 200, 403, etc. Is that what you are getting at?
I did not see that. What you have going should be fine. Awesome stuff!
Fantastic! Thanks!
Would it be possible to add this functionality?