Bruteforce

You must enable the bruteforce attack method to use this feature. Simply click the "Bruteforce" tab and check the "Enable" option.

There are a number of additional configuration options which you can use to tune the tool to your requirements.

Method

This option defines the type of HTTP method that will be used when building the HTTP requests. The HEAD method is faster while the GET method (default) is usually more accurate. It is encouraged to use GET in most situations as the number of false-positives will be significantly less.

Recursion

If selected, the bruteforce operation will be performed recursively on subfolders. This option is likely going to take more time. It is recommended to use recursion only if required, not by default.

Files & Folders

The "Files" and "Folder" options are used to define the dictionaries required to perform file and folder bruteforcing. You can load your own dictionary, construct a dictionary inline or use one of the pre-built common dictionaries such as those available in dirbuster-ng, fuzzdb and many more.

For more information consult with the Dictionaries manual.

Composites

The "Composites" option is used to create arbitrary strings which can be used for file and directory bruteforcing. This feature is most useful when bruteforcing for file extensions for example.

Select a dictionary for the "Names" and optional dictionary for the "Suffixes". Unfold will combine both dictionaries to generate a list of test URLs.

Unlike the "Files" and "Folders" options, the "Composites" options do not automatically encode the "Names" and "Suffixes" to match the URL conventions and encoding practices. It is possible to use the "Composites" option to bruteforce any arbitrary strings.

Consider the situation where the application is using a server-side script to fetch a local resource. The URL is http://target/fetch?path=/path/to/file. In this case, the "Names" dictionary will contain a single item http://target/fetch?path=, while the "Suffixes" dictionary will contain the paths for testing.

Consult with the Dictionaries manual for more information how to use these options.