Gobuster
Gobuster Gobuster is the high-speed directory brute-forcer that slams wordlists against URLs, vhosts, or DNS for hidden paths, supporting extensions and status filters for clean hits in recon. Run its Go CLI with -w for dicts and -x for file types, recursing on discoveries for deep mapping. Open-source from OJ, it's the path pounder for pentesters templating brute-force into web footprints.
Explore →ffuf
ffuf ffuf is the versatile fuzzer for directory and param discovery, mutating wordlists with recursion and filters to uncover admin panels or API endpoints in seconds. Configure via CLI with -u for URLs and -w for payloads, exporting JSON for chained tools. Open-source Go gem from ffuf, it's the mutation maestro for web explorers carving paths with precision.
Explore →Dirsearch
Dirsearch Dirsearch is the recursive directory enumerator that deploys wordlists with extensions, detecting 301s or 403s for mapping app structures without excessive noise. Launch its Python CLI on scopes with --random-agent for stealth, saving CSV for follow-ups. Open-source from maurosoria, it's the dir diver for recon pros wordlisting hidden realms.
Explore →Feroxbuster
Feroxbuster Feroxbuster is the Rust-powered recursive fuzzer with auto-calibration, wordlisting directories and files with status/recursion filters for high-fidelity web asset discovery. Tune via CLI with --auto-tune and --limit-rate, outputting structured data for pipelines. Open-source from michenriksen, it's the ferret for fuzzers sniffing param trails relentlessly.
Explore →Dirb
Dirb Dirb is the classic CGI scanner that brute-forces directories with wordlists, detecting hidden files or inputs via speed and extension support for thorough web crawling. Run its Perl CLI with common.txt dicts, filtering codes for focused outputs. Open-source from The Dark Raver, it's the OG enumerator for old-school pentesters mapping paths the hard way.
Explore →Hakrawler
Hakrawler Hakrawler is the fast JS-aware crawler that extracts URLs and paths from responses, wordlisting links for directory discovery without brute-force overhead. Run its Go binary on seeds with -depth for recursion, outputting plain text for wfuzz chains. Open-source from hakluke, it's the link liberator for recon pros templating passive path gathering.
Explore →Gospider
Gospider Gospider is the lightning crawler that wordlists JS-rendered paths and subdomains, discovering directories with depth control and scope limits for focused web recon. Launch its Go CLI with -s for sites and -t for threads, exporting for further fuzzing. Open-source from jaeles-project, it's the spider speedster for pentesters scaling path hunts dynamically.
Explore →Katana
Katana Katana is the next-gen crawler for URL and path enum, wordlisting from sitemaps/robots with JS support to uncover directories and params in modern SPAs. Run its Go binary with -u for seeds and -jc for JS crawling, filtering outputs for clean lists. Open-source from projectdiscovery, it's the cutting-edge cartographer for web mappers templating discovery.
Explore →dirfuzz
Dirfuzz dirfuzz is the simple Python fuzzer for directories, wordlisting paths with extensions and response analysis for detecting hidden admin or backup files. Configure dicts via CLI, running recursive modes for depth, and log 200s for review. Open-source from community, it's the fuzz foundation for beginners building path discovery skills.
Explore →LinkFinder