What Is Targeted Bruteforcing?

Targeted bruteforcing in content discovery is a lesser-known and more sophisticated technique of bruteforcing. It is also a more effective approach and it likely also yields more accurate results.

In content discovery, targeted bruteforcing consists of 2 separate steps. The first step is to identify the technologies used by the target. The second step is loading a matching wordlist that then could be used for bruteforcing.

An example would be a website that is hosted on an IIS web server that is written in ASP.NET. Having a wordlist that is curated specifically for IIS targets will yield not only more but also better results in general.

Compared to non-targeted bruteforcing where a generic wordlist is selected, regardless of the target.