✔️ Find and utilize testing features

✔️ Exploit information saved in backup or old files

✔️ Find hidden resources

Users or search engines will not find a resource if it is not linked by a webpage

We could find some files if we know their url.

this means that we can manually enter the location of a file we know we could find and it would be retrieved provided that the file exists at that location

Enumeration helps us find hidden resources that can contain:

• new and untested features
• backup files
• testing information
• developer's notes

and more because "no one knows the URL"

Programmers could leave backup files on a server giving us access to sensitive info:

IP of backend server db

credentials used to test features

Ways to enumerate resources:

1. Pure brute-force attack
2. Dictionary-based attack

1️⃣ Brute-force Enumeration

Trying every possible combination of characters

Super inefficient

287979 trials to reach "home" (that too just lowercase letters)

2️⃣ Dictionary-based Enumeration

trying common directory and file names with common extensions

enumerate through a list of common file names, directory names, and file extensions

manually doing this is tedious so we will automate with: OWASP Dirbuster

🔷 OWASP Dirbuster

• Application interface:

We can specify the following options:

• Target IP
• Scan Type
• File with list of dir/file names
• other options

🔷 Dirb