Web directory enumeration

Overview

This workflow automates comprehensive web directory and file discovery across an organization's web infrastructure by combining subdomain enumeration with aggressive directory brute-forcing and HTTP probing. It generates detailed HTML reports containing discovered directories, files, and endpoint metadata to support initial reconnaissance phases of security assessments.

How It Works

  1. Wordlist Input Configuration: Accepts custom wordlist specifications for directory enumeration, defaulting to the widely-recognized DirBuster-2007_directory-list-2.3-small.txt for comprehensive coverage of common directory structures.
  2. Passive Subdomain Discovery: Executes Subfinder to gather target subdomains from passive intelligence sources including certificate transparency logs, search engines, and DNS databases.
  3. DNS Intelligence Gathering: Launches DNSDumpster to collect additional subdomain information and DNS records from public repositories, expanding the target surface.
  4. Directory and File Enumeration: Deploys Feroxbuster against all discovered subdomains to systematically brute-force directory structures, hidden paths, backup files, and common web application directories using the configured wordlist.
  5. HTTP Metadata Collection: Runs httpx against all discovered endpoints to validate accessibility and extract comprehensive metadata including HTTP response codes, content-type headers, response body sizes, and server technology fingerprints.
  6. Result Consolidation: Processes all enumeration results through a scripting agent to merge data from subdomain discovery, directory enumeration, and HTTP probing into a unified dataset.
  7. HTML Report Generation: Produces a detailed HTML table report presenting all discovered directories and endpoints with associated metadata, organized for efficient manual analysis and security assessment planning.
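
A sketch of the consolidation and report steps (6 and 7), as an added example that is not the workflow's own scripting-agent code. It assumes both tools wrote JSON-lines output with the field names shown, lets the httpx values override the Feroxbuster ones, and escapes every cell because the scanned hosts control the URLs and headers that end up in the report. All sample records are constructed.

```python
import html
import json

# Constructed sample records (not real scan output). Field names are assumed
# to follow the JSON-lines output of Feroxbuster (--json) and httpx (-json).
FEROX_LINES = [
    '{"type":"response","url":"https://app.example.test/admin","status":301,"content_length":0}',
    '{"type":"response","url":"https://app.example.test/backup.zip","status":200,"content_length":48213}',
    '{"type":"statistics","requests":1200}',
]
HTTPX_LINES = [
    '{"url":"https://app.example.test/admin","status_code":200,"content_type":"text/html",'
    '"content_length":512,"webserver":"nginx<script>x</script>"}',
    'not json',  # malformed line, must be skipped rather than abort the merge
]
COLUMNS = ("url", "status", "length", "content_type", "server")

def parse_jsonl(lines):
    """Yield dict records that carry a URL, skipping malformed lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("url"):
            yield rec

def consolidate(ferox_lines, httpx_lines):
    """Merge both sources into one row per URL; httpx values take precedence."""
    rows = {}
    for rec in parse_jsonl(ferox_lines):
        if rec.get("type") == "response":
            rows[rec["url"]] = {"url": rec["url"], "status": rec.get("status"),
                                "length": rec.get("content_length"),
                                "content_type": "", "server": ""}
    for rec in parse_jsonl(httpx_lines):
        row = rows.setdefault(rec["url"], {"url": rec["url"]})
        row.update(status=rec.get("status_code"), length=rec.get("content_length"),
                   content_type=rec.get("content_type", ""), server=rec.get("webserver", ""))
    return [rows[u] for u in sorted(rows)]

def render_html(rows):
    """Build the report table; every cell value is HTML-escaped."""
    def cell(v):
        return "<td>" + html.escape("" if v is None else str(v)) + "</td>"
    head = "".join(f"<th>{c}</th>" for c in COLUMNS)
    body = "".join(
        "<tr>" + "".join(cell(r.get(c)) for c in COLUMNS) + "</tr>"
        for r in rows)
    return f"<table><tr>{head}</tr>{body}</table>"
```

Without the escaping in `render_html`, a server banner or page title returned by a scanned host would be interpreted as markup when the analyst opens the report.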

Who is this for?

  • Penetration testers conducting initial reconnaissance during web application security assessments
  • Security consultants performing comprehensive attack surface discovery for client engagements
  • Bug bounty hunters identifying hidden directories and forgotten endpoints within authorized scope
  • Security teams performing periodic web infrastructure audits and exposure analysis
  • Red team operators gathering intelligence during pre-engagement reconnaissance phases

What problem does this workflow solve?

  • Eliminates manual directory enumeration by automating subdomain discovery, brute-forcing, and validation into a single streamlined workflow
  • Provides complete web directory visibility across entire subdomain infrastructure through systematic enumeration of common paths and files
  • Reduces reconnaissance time by running directory discovery across all subdomains simultaneously with automated HTTP validation
  • Delivers structured enumeration results in HTML format that facilitates efficient manual analysis and prioritization of interesting targets
  • Standardizes initial reconnaissance methodology for consistent web infrastructure discovery across different security assessment engagements