So you learned how to fusk for files, but that doesn’t always work. Well that’s okay! I’ve got another fun trick up my sleeve. Enter DirBuster. DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. DirBuster does essentially what a fusker does with sequential numbers but instead uses a list based attack. That being said, you are only as good as your list! Check out DirBuster by OWASP over at http://owasp.org. Also! DirBuster is only used for identifying files, not exploiting them.