
Web Enumeration Tool Benchmark
During pentesting engagements, you will often face an HTTP/HTTPS web server. A good way to find content on it is to enumerate its resources. Several command-line tools exist for this, including the following:
- dirb
- gobuster
- wfuzz
Some of them can do more than simple resource enumeration, but we will focus on the enumeration part. The idea is to test these tools in order to find which one is the fastest enumeration tool. Tests are done against the same target, which has 3 endpoints with the PHP extension.
dirb
dirb is part of the Kali Linux tools.
$> dirb http://10.10.10.181/ -X .php /usr/share/wfuzz/wordlist/general/big.txt
0.32s user
1.54s system
0% cpu
17:45.79 total
Gobuster
gobuster dir -f -e -r -k -s 200 -x php -u http://10.10.10.181/ -w /usr/share/wordlists/dirb/big.txt
The statistics:
0.75s user
1.19s system
1% cpu
1:55.79 total
Wfuzz
wfuzz -c --sc 200 -w /usr/share/wordlists/dirb/big.txt http://10.10.10.181/FUZZ.php
The statistics:
174.13s user
110.00s system
101% cpu
4:38.72 total
Conclusion
It seems that dirb is the fastest web enumeration tool
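An added example (not part of the original post): it parses the zsh-style `time` summaries quoted above into seconds and sorts the three runs by wall-clock time, reporting CPU time alongside so a run that mostly waits on the network can be told apart from one that is CPU-bound. The function names are hypothetical; the figures are the ones on this page.

```python
import re

# `time` summaries copied from the three runs above (zsh format).
# Caveat visible in the commands: the dirb run points at a different
# wordlist path than the gobuster and wfuzz runs.
RUNS = {
    "dirb": "0.32s user 1.54s system 0% cpu 17:45.79 total",
    "gobuster": "0.75s user 1.19s system 1% cpu 1:55.79 total",
    "wfuzz": "174.13s user 110.00s system 101% cpu 4:38.72 total",
}

SUMMARY = re.compile(
    r"(?P<user>[\d.]+)s user\s+(?P<system>[\d.]+)s system\s+"
    r"(?P<cpu>\d+)% cpu\s+(?P<total>[\d:.]+) total"
)


def clock_to_seconds(clock):
    """Convert '[[H:]M:]S.ss' (the 'total' column) to seconds."""
    seconds = 0.0
    for part in clock.split(":"):
        seconds = seconds * 60 + float(part)
    return seconds


def parse_summary(line):
    """Return wall-clock seconds, CPU seconds and CPU share for one run."""
    m = SUMMARY.search(line)
    if m is None:
        raise ValueError(f"not a time summary: {line!r}")
    cpu_s = float(m["user"]) + float(m["system"])
    wall_s = clock_to_seconds(m["total"])
    return {"wall_s": wall_s, "cpu_s": cpu_s, "cpu_share": cpu_s / wall_s}


def rank_by_wall_clock(runs):
    """Sort runs from shortest to longest elapsed time."""
    parsed = {tool: parse_summary(line) for tool, line in runs.items()}
    return sorted(parsed.items(), key=lambda item: item[1]["wall_s"])


if __name__ == "__main__":
    for tool, stats in rank_by_wall_clock(RUNS):
        print(f"{tool:9s} wall={stats['wall_s']:8.2f}s "
              f"cpu={stats['cpu_s']:7.2f}s share={stats['cpu_share']:.0%}")
```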