TL;DR
You can sometimes see a website’s files and folders by adding / to the end of its URL, or using online directory listing tools. However, this is often disabled for security reasons.
How to Browse Website Files & Folders
- Try Adding a Slash: The simplest method is to add a forward slash (/) to the end of the website’s address. For example, if the website is https://www.example.com, try visiting https://www.example.com/.
  - If directory listing is enabled on the server, you will see a list of files and folders in that directory.
  - Most websites disable this feature for security reasons, so you’ll likely get an error message (like 403 Forbidden) or be redirected to the homepage.
- Try Common Directories: Some common directories might be enabled for listing even if the root directory isn’t.
  - /wp-content/ (for WordPress sites – often contains images, themes and plugins)
  - /images/ or /img/
  - /css/
  - /js/
  - /fonts/
- Use Online Directory Listing Tools: Several websites offer tools to attempt directory listing.
  - DirBuster: A popular tool for finding hidden files and directories. It requires downloading and installing software, and some technical knowledge.
    # Example DirBuster command (simplified) - actual usage varies
  - Online Directory Scanners: Websites like SiteCheck or similar tools can scan a website for directory listings without requiring software installation.
    Warning: Be cautious when using online scanners, as some may be unreliable or collect your data.
- Check the robots.txt file: This file tells search engines which parts of a website *not* to crawl. It might reveal directories that exist but are intentionally hidden from public view.
  - Visit https://www.example.com/robots.txt
  - Look for lines starting with Disallow:, as these indicate restricted areas. The presence of a directory here doesn’t guarantee listing is enabled, but it shows the directory exists.
- Use Web Archives (Wayback Machine): The Wayback Machine (https://archive.org/web/) sometimes has snapshots of websites that include directory listings from past dates.
  - Enter the website’s URL and browse through historical versions.
Important Considerations
- Security: Attempting to access files you don’t have permission to view is illegal and unethical. Only explore publicly accessible directories.
- Server Configuration: Directory listing is controlled by the website server (e.g., Apache, Nginx). Website owners can easily disable it for security reasons.
- File Extensions: Common file extensions you might see include .html, .css, .js, .jpg, .png, .php, and others.
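
For a site owner auditing their own server, the outcomes described above (a listing, a 403 Forbidden, or a redirect) can be told apart from the response itself. The following is an added example, not code from the original page; the function name classify and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Titles produced by Apache mod_autoindex / nginx autoindex ("Index of /...")
# and Python's http.server ("Directory listing for /...").
LISTING_TITLE = re.compile(r"^\s*(Index of|Directory listing for)\s+/", re.I)

class _PageScan(HTMLParser):
    """Collects the <title> text and every <a href> value."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def classify(status, body=""):
    """Return (verdict, entries) for one response to a directory URL."""
    if status == 403:
        return "forbidden", []   # listing disabled and no index file served
    if 300 <= status < 400:
        return "redirect", []    # e.g. sent back to the homepage
    if status != 200:
        return "other", []
    scan = _PageScan()
    scan.feed(body)
    if not LISTING_TITLE.match(scan.title):
        return "page", []        # ordinary content, not an auto-index
    # Drop column-sort links (?C=N;O=D) and the parent-directory link.
    entries = [h for h in scan.links if not h.startswith("?") and h not in ("../", "/")]
    # Fix when this verdict appears: Apache `Options -Indexes`, nginx `autoindex off;`
    return "listing", entries

# Constructed samples: shape of an Apache auto-index page, and a normal homepage.
SAMPLE_LISTING = """<html><head><title>Index of /images</title></head><body>
<h1>Index of /images</h1><table><tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="logo.png">logo.png</a></td></tr>
<tr><td><a href="backup.zip">backup.zip</a></td></tr></table></body></html>"""
SAMPLE_HOME = "<html><head><title>Example Shop</title></head><body><a href='/about'>About</a></body></html>"
```

A "listing" verdict on a directory that holds anything other than public assets (the constructed backup.zip above, for instance) is the case to fix first.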