Dirbuster is a tool used to help discover content on a target website during an assessment. It does so by making a massive number of requests for directories to a given site and documenting the responses.
Here are a few options I like to set when using the tool:
- Enable the following of redirects
- Change my user-agent to a common IE or Firefox version
- Limit the requests-per-second I can send based on host
- If the site is hosted on IIS, use the lowercase word lists
- Lower the timeout period
- Avoid guessing files unless you have a lot of time or it’s a small site
Just enabling redirects will get you far better results.
That being said, remember that Burp supports content discovery as well, but not custom wordlists. The advantage there is that Burp's discovery is… well, Burp-aware.
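From the defender's side, the settings above (a browser user-agent, throttled requests per second) mean that user-agent and rate rules will not reliably catch this kind of scan, but the volume of guessed paths still shows up in the access log. The following is an added example, not part of the original post: it flags clients by how many distinct paths they request and how many of those return 404. The function names, thresholds and Combined Log Format input are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip, ident, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumerators(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {ip: (distinct_paths, miss_ratio)} for clients whose traffic looks like
    directory guessing. User-Agent and request rate are ignored on purpose, because
    the client controls both. Thresholds are illustrative assumptions."""
    paths, misses = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and fold case (assumes a case-insensitive server such as IIS).
        path = m["path"].split("?", 1)[0].lower()
        paths[m["ip"]].add(path)
        if m["status"] == "404":
            misses[m["ip"]].add(path)
    flagged = {}
    for ip, seen in paths.items():
        ratio = len(misses[ip]) / len(seen)
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def sample_log():
    """Constructed access-log lines; the addresses are documentation ranges."""
    ua = "Mozilla/5.0 (Windows NT 10.0; rv:115.0) Gecko/20100101 Firefox/115.0"
    fmt = '{ip} - - [10/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512 "-" "{ua}"'
    lines = []
    # Throttled scanner with a browser User-Agent: 30 guessed directories, 2 exist.
    for i in range(30):
        st = 200 if i in (3, 17) else 404
        lines.append(fmt.format(ip="203.0.113.7", m=i, s=0, p=f"/dir{i}/", st=st, ua=ua))
    # Ordinary visitor: a few real pages and one broken link.
    for i, (p, st) in enumerate([("/", 200), ("/about", 200), ("/blog", 200), ("/old", 404)]):
        lines.append(fmt.format(ip="198.51.100.20", m=i, s=30, p=p, st=st, ua=ua))
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

Tune `min_paths` and `min_miss_ratio` against your own baseline traffic, since crawlers and broken internal links also produce 404s.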