I let dirbuster loose on a server, as detailed in this very helpful guide, but it didn't turn up any results, despite using the largest wordlist available. Why would this happen?
The server is using php based on it's netcraft results, but no php files were even found when I had dirbuster use that extension.
2 Responses
There could be numerous reasons. The first and most obvious is that the server doesn't have any of the file or directory names in the wordlist.
The second reason may be the way you ran dirbuster. Want to share the site, your configuration and screenshot?
I'm hesitant to share the site ha. I'm a knowledgeable programmer, but I am completely new to hacking and I'm erring on the side of extreme paranoia with all of this ha. I've been vacuuming up knowledge on this site especially, but there's so much, and I'm not at all confident that I can do this safely yet.
I will however share my configuration! I ran my scans on a live usb version of kali (I'm planning on making that usb persistent and possibly dual booting as well) and I wondered if that could have messed with my results.
I didn't do a recursive scan, since I just wanted to understand the root directory before scanning further, but it didn't matter since no directories were found anyway!
My target url was in the format http://"thesite".com:80/. I left off the www, since I wanted to scan the true root directory, but I wasn't sure if that was a real worry.
I'm can't remember a bunch of the details because I'm no longer working in kali. I'm going to boot up that way and get back to you with more details.
Share Your Thoughts