gobuster

gobuster tries to find valid directories from a wordlist of possible directories. gobuster can also be used to valid subdomains using the same method.

gobuster dir -u http://10.10.10.10 -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt

If for example bad directories are 302 over to the 404 page
You will need to add 302 to the bad status codes list, only 404 is there by default

gobuster dir -u http://10.10.10.10 -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt -b 302,404

gobuster vhost --url http://intranet.poo -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain

Last updated 4 days ago