URLBrute – Tool to Brute Forcing Website Sub-Domains and Directories
Brute-Forcing is the technique of matching the credentials like Usernames, Passwords, OTPs for unauthenticated access to the target domain. The list of words are been tested against the target to get the exact credentials. All this process is done through automated tools. URLBrute is an automated tool developed in the Golang language which can be beneficial to penetration testers while testing the web application. URLBrute performs brute-forcing for the identification of directories and files on the target domain. These directories and files can contain some valuable information about the target. URLBrute tool is available on the GitHub platform, it’s free and open-source to use.
Sub Modules of URLBrute Tool
Scan for directories on the target website.
./urlbrute dir -h
Scan for subdomains on the target website.
./urlbrute dns -h
Note: As URLBrute is a Golang language-based tool, so you need to have a Golang environment on your system. So check this link to download Golang in your system. – How to Install Go Programming Language in Linux
Installation of URLBrute Tool in Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/ReddyyZ/urlbrute.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: Build the go file using the following command
sudo go build
Step 4: Now use the following command to run the tool and check the help section.
Working with URLBrute Tool in Kali Linux OS
Example 1: Default options
./urlbrute dir -u geeksforgeeks.org -w common.txt
In this example, we are performing a simple scan on the target domain https://geeksforgeeks.org.
We have got the results of our scan.
Example 2: Showing 404 status code
./urlbrute dir -u geeksforgeeks.org -w common.txt --code 404
In this example, we are only displaying the results which returns the 400 response code.
We have got the results with only 400 status codes.
Example 3: Changing user-agent
./urlbrute dir -u geeksforgeeks.org -w common.txt –useragent geeksforgeeks
In this example, we are changing the user-agent value.
We have changed the user-agent value to geeksforgeeks.
Example 4: Searching for DNS
./urlbrute dns -d geeksforgeeks.org -w domain.txt –ip
In this example, we are searching for DNS on geeksforgeeks.org
We have got the results of our DNS search.