When doing bug bounties or various types of assessment, you may want to find unknown pages and directories to find any flaws. To do this, start with their domain name, like google.com and then using the tool below, you can find any pages and directories .

dirsearch

dirsearch.py -u <URL> -x 404 -w /lists/SecLists/Discovery/Web-Content/<wordlist> -m POST

The -u flag is where you input the domain name

The -x flag exclude the given status codes. HTTP 404 is usually not interesting, so I exclude it.

The -w flag is where you provide a wordlist. Read the section below for more information on this.

The -m flag is used to specify the HTTP method. You may want to search for GET, PUT, POST, etc

Wordlists

You will need to use various known wordlists or create your own wordlist to be effective here. I like to use SecLists, as there is a wide range of good wordlists in this Github repository.

Here's some wordlists I typically use for enumeration with dirsearch:

• SecLists/Discovery/Web-Content/common.txt

• SecLists/Discovery/Web-Content/swagger.txt

• SecLists/Discovery/Web-Content/quickhits.txt

• SecLists/Discovery/Web-Content/dirsearch.txt

• SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt