9 Feb 2025
No worries, it happens 🙂 What you proposed is called directory brute forcing, or "dirbusting". And to answer the original q, I'd check Shodan, historical DNS data, mine website JS, do a lookup from the SecLists list of known subdomains and also brute force feasible \w keyspace
Has anyone used nuclei for dirbusting? (instead of ffuf/feroxbuster/gobuster) What's your experience (yay/nay)? @pdnuclei
31 Dec 2024
Replying to @torik_1999
Recursive dirbusting
26 Dec 2024
The power of a good wordlist 🔥 Just found an excessive data exposure only with dirbusting with an Arabic wordlist! I'm starting to share my dedicated languages wordlist, soon I'll share more. Check it out 🤑 #bugbountytips #BugBounty #Hacking github.com/r3dpower/Language…
🚀 Simple ffuf bash one-liner helper By @naglinagli
Here’s a useful bash function one-liner made by @naglinagli to sort out all your directory searching needs. Simply add this into your ~/.bashrc:

ffufr() { ffuf -c -w "/path/to/SecLists/Discovery/Web-Content/$1" -u "$2/FUZZ" -recursion; }

Also make sure you have the latest github.com/danielmiessler/Se… and the correct path in the function above.

Now you can perform recursive directory searching (dirbusting) of your target domain easily like this:

ffufr WORDLISTNAME.txt DOMAIN.com

Use this with any of the wordlists that are in the ‘SecLists/Discovery/Web-Content/’ directory. Here’s an example using the ‘tomcat.txt’ wordlist:

#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
26 Sep 2024
The importance of customizing wordlists for your targets 🔥 Dirbusting a German speaking target, I used a German wordlist with common web terms: APIs, names, storage, backups and more! I'll upload some of the wordlists to my GitHub⚡️ #BugBounty #bugbountytips
19 Sep 2024
Note: you don't need any dirbusting or anything. You have all the code. Spamming the server will be banned
12 May 2024
🛡️365 Days of Hacking🛡️ 🔒 Day [133] 🧩 Machine: [Luke-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Found password in config file via dirbusting. Used it with NodeJs server API to get another passwd, for HttpBasicAuth Dir. Found 'Ajenti' password, securing user and root access.]
🛡️365 Days of Hacking🛡️ 🔒 Day [130] 🧩 Machine: [Apocalyst-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: ['Cewl' for custom wordlist, for dirbusting, found an image. Then, pwd list from that img, with 'steghide', bruteforced wp-admin login, shell. Root, writeable /etc/passwd.]
25 Apr 2024
🛡️365 Days of Hacking🛡️ 🔒 Day [116] 🧩 Machine: [Admirer-HTB] 🌟 Difficulty: [Easy] 🔍 Summary: [Found 'Admirer' running via FTP backup, FTP credentials through dirbusting. In 'Admirer', read the SSH pass from source code. Abused Sudo, Python library hijack.]
16 Apr 2024
Replying to @JustWantToQ1
Gotta give this lad props for being aware, I’m used to dirbusting these things for days and most just let it happen.
🛡️365 Days of Hacking🛡️ 🔒 Day [99] 🧩 Machine: [Sense-HTB] 🌟 Difficulty: [Easy] 🔍 Summary: [Found pfSense firewall credentials through dirbusting. Logged in and exploited the vulnerability in this version of pfSense by authenticated RCE, resulting in root access.]
CTF No: 20/100 🙃 Platform: @offsectraining Playground Labs Name: Inclusiveness Difficulty: Easy Skills: Vulnerability Scanning, ftp, file inclusion, curl, dirbusting, Code Review 😁
CTF No: 19/100 🙃 Platform: @offsectraining Playground Labs Name: Katana Difficulty: Easy Skills: Vulnerability Scanning, ftp, file inclusion, curl, dirbusting, Code Review 😁
Replying to @techspence
Burp - it's just a sweet swiss army knife: useful for web app tests, pw spraying, dirbusting, user enumeration. Even inside: traffic logging (searchable, helps debug other tools), keeping your UAs clean through various tools, automating scraping/misc. Decade later, still a goto!
i mean it would be very hard for me to try and sue anyone for attempting to do what i asked them publicly to try... please do bear in mind u don't need to send me huge volumes of traffic for dirbusting...
maybe this is better? "When you run web scanners, dirbusting, bruteforce, etc. what are typical rates you achieve? What are typical rate-limits? How far do you scale it? Why do you scale or why not?"
27 Jun 2022
Replying to @beeradjeezy
AutoRecon defaults to trying to be "safe" and "accurate" more than speedy. You can easily override certain settings to speed it up though: github.com/Tib3rius/AutoReco… You can also set a custom (smaller) wordlist for dirbusting using --dirbuster.wordlist and for 1/2

My experience is very different. It’s more like “code assisted” testing. So we don’t waste time dirbusting etc. we can use the code to immediately identify the interesting areas, routes, how db access is implemented etc. I think it makes black-box testing cheaper?