DIRBUSTER
WEB ENUMERATION TRAINING ENVIRONMENT
MODULE 04 — DIRECTORY & FILE DISCOVERY
Initializing target: http://apexweb.lab...

OBJECTIVES

  • Visit target & check robots.txt
  • curl http://apexweb.lab (headers)
  • Run gobuster directory scan
  • Run gobuster with -x extensions
  • Run dirb scan
  • Browse discovered paths manually
  • Find credentials in /backup/config.bak
  • Submit pentest report
PHASE 1 — PASSIVE RECON
MISSION BRIEFING

WEB APPLICATION ENUMERATION — APEX SYSTEMS

SCENARIO

You are a penetration tester conducting a web application assessment against Apex Systems' public-facing portal. Your objective is to discover hidden directories, exposed files, and sensitive configuration data using Gobuster and Dirb.

TARGET

http://apexweb.lab

HIDDEN PATHS

Path                      Contents
/robots.txt               Disallowed path hints
/admin                    Admin login panel
/admin/config.php         DB credentials
/backup                   Directory listing
/backup/db_backup.sql     Database dump
/backup/config.bak        Plaintext password
/.git                     Exposed repo
/api/v1/users             Unauthenticated user list
/uploads                  File upload directory
/phpmyadmin               phpMyAdmin login
/server-status            Apache server status

PHASES

  • Phase 1 — Passive Recon (browser + curl)
  • Phase 2 — Gobuster directory scan
  • Phase 3 — Gobuster with file extensions
  • Phase 4 — Dirb scan comparison
  • Phase 5 — Manual exploration
  • Phase 6 — Pentest report

OBJECTIVES

  • Visit target and check robots.txt
  • Run gobuster directory enumeration
  • Run gobuster with -x php,bak,sql,txt
  • Run dirb for comparison
  • Browse discovered paths
  • Find credentials in /backup/config.bak
  • Submit pentest report
TERMINAL — user@kali:~$
Last login: Mon May 8 09:12:44 2026 from 10.0.2.1
user@kali:~$ # Web Enumeration Lab — http://apexweb.lab
user@kali:~$ # Type commands below. Try: curl http://apexweb.lab
user@kali:~$
APEXWEB BROWSER
REFERENCE MANUAL — GOBUSTER / DIRB
GOBUSTER FLAGS
gobuster dir — directory/file bruteforce mode
-u <url> — target URL
-w <wordlist> — path to wordlist
-x <exts> — file extensions to append (php,bak,sql,txt)
-t <threads> — concurrent threads (default 10)
-o <file> — output results to file
--status-codes 200,301,302 — filter by codes
-q — quiet mode (suppress banner)
gobuster dir -u http://apexweb.lab -w /usr/share/wordlists/dirb/common.txt
gobuster dir -u http://apexweb.lab -w /usr/share/wordlists/dirb/common.txt -x php,bak,sql,txt
DIRB FLAGS
dirb <url> <wordlist>
-o <file> — save output
-X .php,.bak — file extensions
-r — don't search recursively
-z 10 — add 10ms delay
dirb http://apexweb.lab /usr/share/wordlists/dirb/common.txt
CURL FLAGS
-I — headers only
-v — verbose
-L — follow redirects
curl -I http://apexweb.lab
HTTP STATUS CODES
200 — OK (resource exists)
301 — Moved Permanently (redirect)
302 — Found (temporary redirect)
403 — Forbidden (exists but access blocked)
404 — Not Found
WORDLISTS
/usr/share/wordlists/dirb/common.txt (4614 words)
/usr/share/wordlists/dirb/big.txt (20469 words)
/usr/share/wordlists/dirbuster/medium.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
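What the scans in this module look like from the other side of the wire: a directory brute-force leaves a burst of 404s from one client, often with the tool's own User-Agent, followed by a handful of 200/301/403 hits on paths such as the ones in the hidden-paths table. The script below is an added example, not part of the lab's material. It assumes Apache combined log format; the log lines are constructed for illustration, the sensitive-path list mirrors the lab's table, and the thresholds (MIN_REQUESTS, MAX_404_RATIO) are assumed values a defender would tune to real traffic.

```python
"""Flag directory brute-force activity in Apache combined-format access logs.

Added example for the web enumeration module; not the lab's own code.
Log lines are constructed, thresholds are assumptions.
"""
import re
from collections import defaultdict

# Apache combined format (assumed):
# ip - - [timestamp] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Paths the lab's hidden-paths table names; one successful hit is worth an alert.
SENSITIVE_PATHS = {
    "/admin", "/admin/config.php", "/backup", "/backup/db_backup.sql",
    "/backup/config.bak", "/.git", "/api/v1/users", "/phpmyadmin", "/server-status",
}

# Tuning knobs (assumed, not from the page).
MIN_REQUESTS = 20     # judge a client only once it has made this many requests
MAX_404_RATIO = 0.6   # ordinary browsing rarely produces mostly-404 traffic


def parse_line(line):
    """Return a dict of the log fields, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyse(lines):
    """Map client IP -> list of reasons it looks like an enumeration scanner."""
    stats = defaultdict(lambda: {"total": 0, "nf": 0, "sensitive": set(), "ua": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        s = stats[rec["ip"]]
        s["total"] += 1
        if rec["status"] == 404:
            s["nf"] += 1
        # 403 still counts: the path exists even though access was blocked
        if rec["path"] in SENSITIVE_PATHS and rec["status"] in (200, 301, 302, 403):
            s["sensitive"].add(rec["path"])
        s["ua"].add(rec["ua"])

    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["total"] >= MIN_REQUESTS and s["nf"] / s["total"] >= MAX_404_RATIO:
            reasons.append(f"{s['nf']}/{s['total']} responses were 404")
        if s["sensitive"]:
            reasons.append("reached sensitive path(s): " + ", ".join(sorted(s["sensitive"])))
        # gobuster's stock User-Agent names the tool; easily overridden, so a weak signal
        tool_uas = [u for u in s["ua"] if u.lower().startswith(("gobuster", "dirb"))]
        if tool_uas:
            reasons.append("scanner User-Agent: " + ", ".join(sorted(tool_uas)))
        if reasons:
            findings[ip] = reasons
    return findings


def sample_log():
    """Constructed lines: one scanning client (10.0.2.15) and one ordinary visitor."""
    ts = "08/May/2026:09:15:02 +0000"
    scanner_ua = "gobuster/3.6"
    browser_ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
    lines = [f'10.0.2.15 - - [{ts}] "GET /word{i} HTTP/1.1" 404 196 "-" "{scanner_ua}"'
             for i in range(24)]
    for path, code in (("/admin", 301), ("/backup", 200),
                       ("/backup/config.bak", 200), ("/.git", 403)):
        lines.append(f'10.0.2.15 - - [{ts}] "GET {path} HTTP/1.1" {code} 512 "-" "{scanner_ua}"')
    for path in ("/", "/index.php", "/about"):
        lines.append(f'10.0.2.30 - - [{ts}] "GET {path} HTTP/1.1" 200 2048 "-" "{browser_ua}"')
    return lines


if __name__ == "__main__":
    for ip, reasons in analyse(sample_log()).items():
        print(ip)
        for r in reasons:
            print("  -", r)
```

The 404 ratio is the signal that survives a renamed User-Agent or a slowed-down scan (dirb -z, gobuster -t 1): a wordlist of 4614 entries against a site with a dozen real paths cannot avoid it. The sensitive-path check is what turns "someone scanned us" into "someone reached /backup/config.bak", which is the finding that actually needs a response.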
NOTEPAD — FINDINGS SCRATCHPAD
PENTEST REPORT — WEB ENUMERATION
ENGAGEMENT DETAILS
CREDENTIAL DISCOVERY
RECOMMENDATIONS