Web Application

Enumerate Hidden Directories, Files, and Admin Interfaces

Most attack surface is hidden in paths the public doesn't know about — /admin, /.git, /backup, /config, /.env. The scanner probes a curated wordlist against any target and reports everything that returns 200 / 301 / 401.

Try Directory Bruteforce

How It Works

From target input to actionable findings in three straightforward steps.

01

Enter Base URL

The scanner will probe paths under this base.

02

Curated Wordlist

Tens of thousands of entries covering dotfiles, admin panels, backup files, CMS paths, and developer-oriented debug endpoints.

03

Status-Coded Results

Only meaningful responses (200 / 301 / 401 / 403) are shown so you can focus on real hits.

Key Capabilities

Purpose-built scanning backed by real penetration testing expertise.

Curated Wordlist

Battle-tested entries that map to real-world leaks — dotfiles, cloud metadata paths, legacy CMS directories.

Smart Filtering

Ignores soft-404 responses (a 200 that is really the site's default "not found" page) by fingerprinting the default error template.

Status-Based Grouping

Results sorted by status code so authentication-protected paths surface next to public ones.

Pacing Control

Polite defaults for production; can be sped up for dev / staging.

Dotfile Emphasis

Probes /.git, /.env, /.DS_Store, /.svn, /.htaccess and similar high-risk leaks.

No Install

Runs server-side. No ffuf / gobuster setup needed.

Common Use Cases

Pre-release audit to catch dev leftovers in production
Spot /.env and /.git exposure
Find forgotten admin panels and backup files
Check whether a deploy re-exposed a legacy CMS
Reconnaissance for authorized pentests
Regression test after an nginx configuration change
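The two points above that matter most to a defender are the soft-404 filtering under Key Capabilities and the last use case, a regression check after a web-server configuration change. The following is an added example, not Pentestas code, showing both in one self-contained Python script: it fingerprints the server's error template by requesting a random path that cannot exist, then checks a short list of the high-risk dotfile paths named on this page and reports each one as exposed, protected, absent, or a soft-404. The target server, the leaked `/.env` contents and the `HIGH_RISK_PATHS` list are constructed for the example; it runs offline against a local `http.server` that deliberately mimics a misconfigured deployment.

```python
"""Added example (not Pentestas code): regression check that high-risk dotfile
paths are not served, with soft-404 fingerprinting so a custom error page that
answers 200 is not mistaken for an exposed file. Offline: it runs against a
constructed local http.server that mimics a misconfigured deployment."""
import hashlib
import http.server
import secrets
import threading
import urllib.error
import urllib.request

# Paths named on the page as high-risk leaks (constructed list for the example).
HIGH_RISK_PATHS = ["/.git/HEAD", "/.env", "/.DS_Store", "/.svn/entries", "/.htaccess"]


def fetch(base_url, path):
    """Return (status, body) for base_url + path; 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(base_url + path, headers={"User-Agent": "exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def soft404_fingerprint(base_url):
    """Request a random path that cannot exist. If the server still answers 200,
    hash the body: that hash identifies the default error template."""
    status, body = fetch(base_url, "/" + secrets.token_hex(12))
    return hashlib.sha256(body).hexdigest() if status == 200 else None


def classify(status, body, fingerprint):
    """Map one response to a verdict. 200/301 are treated as hits, as the page
    does, unless the 200 body matches the soft-404 fingerprint."""
    if status == 200 and fingerprint and hashlib.sha256(body).hexdigest() == fingerprint:
        return "soft-404"
    if status in (200, 301):
        return "exposed"
    if status in (401, 403):
        return "protected"
    return "absent"


def check_exposure(base_url, paths=HIGH_RISK_PATHS):
    """Fingerprint once, then classify every path. Returns {path: verdict}."""
    fingerprint = soft404_fingerprint(base_url)
    findings = {}
    for path in paths:
        status, body = fetch(base_url, path)
        findings[path] = classify(status, body, fingerprint)
    return findings


# --- constructed misconfigured server used only to make the example runnable ---
ERROR_PAGE = b"<html><body><h1>Page not found</h1></body></html>"
LEAKED_ENV = b"DB_PASSWORD=placeholder-value\n"  # constructed, not a real secret


class DemoHandler(http.server.BaseHTTPRequestHandler):
    """Answers 200 with the error page for unknown paths (soft-404), leaks /.env,
    and denies /.htaccess with 403."""

    def do_GET(self):
        if self.path == "/.env":
            self._reply(200, LEAKED_ENV)
        elif self.path == "/.htaccess":
            self._reply(403, b"forbidden")
        else:
            self._reply(200, ERROR_PAGE)

    def _reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example's output quiet
        pass


def run_demo():
    """Start the demo server on a free loopback port, check it, shut it down."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check_exposure(f"http://127.0.0.1:{srv.server_address[1]}")
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{verdict:9} {path}")
```

Run as-is, it reports `/.env` as exposed, `/.htaccess` as protected, and the remaining paths as soft-404 rather than as hits; without the fingerprint step every path on this server would have shown up as a 200. To use it as a deploy-time regression test, point `check_exposure` at a staging host you operate and fail the pipeline if any verdict is "exposed".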

Why Use Pentestas

Security tools built by penetration testers, not just developers.

Enterprise-Grade Accuracy

Our scanning engine is built on the same methodologies our penetration testers use in manual engagements, tuned to minimize false positives and surface genuine risk.

Fast, Actionable Results

Get findings in minutes rather than days. Every result includes severity ratings, technical evidence, and clear remediation steps your team can act on immediately.

Continuous Monitoring

Schedule recurring scans from the Pentestas platform to catch regressions before they reach production. Stay ahead of new CVEs and configuration drift.

Privacy First

Your scan data is encrypted at rest and in transit. You own your data, with full control over retention and export.

Detailed Reporting

Export findings as PDF, CSV, or JSON. Feed results directly into your SIEM, ticketing system, or CI/CD pipeline through our REST API.

Instant Setup

Run scans directly from your browser. Enter a target, click scan, and receive results. Ready in under a minute.

Start scanning with Directory Bruteforce today

Create a free account and run your first scan in under a minute. Full platform access during your 14-day trial.

Frequently Asked Questions

Is this rate-limited?

Two free scans per IP per day on this tool. Run against your own or authorized targets only.

Will it trigger WAFs?

Aggressive wordlists can trip WAFs and rate limiters. Default settings are conservative.

Can I upload my own wordlist?

The free tool uses the curated list. Custom wordlists are available in the paid engine.