A
Summer Internship Report
On
Cyber Security / Ethical
By: Shikhar Tripathi-2201220100149
Sanskar Gupta-2201220100140
Shanvi Srivastava-2201220100146
Prakhar Srivastava-2201220100120
Prachi Sharma-2201220100115
Sanskar Omer-2201220100141
University name
Shri Ramswaroop Memorial College of
Engineering and Management
Course: Bachelor of Technology
Session: 2022-2026
Self Certificate
This is to certify that the Project Report “Cyber
Security” done by me is an authentic work carried
out for the partial fulfilment of the requirements for
the award of the degree of B.Tech (CSE).
Cyber Security (2020-2023) under the guidance
of Aayush Rehal & Sapna Gupta, Cybersecurity
Instructor.
Acknowledgement
With candour and pleasure I take this opportunity to express my
sincere thanks and obligation to my esteemed guide Aayush
Rehal & Sapna Gupta. It is because of his able and mature
guidance and co-operation without which it would not have been
possible for me to complete my project.
It is my pleasant duty to thank all the staff members of the
computer center who never hesitated me from time to time
during the project.
Thank You!
-Akash Kumar
Abstract
Cybersecurity is the protection of internet-connected systems such as hardware, software and
data from cyber threats. The practice is used by individuals and enterprises to protect against
unauthorized access to data centers and other computerized systems.
A strong cybersecurity strategy can provide a good security posture against malicious attacks
designed to access, alter, delete, destroy or extort an organization's or user's systems and
sensitive data. Cybersecurity is also instrumental in preventing attacks that aim to disable or
disrupt a system's or device's operations.
With an increasing number of users, devices and programs in the modern enterprise, combined
with the increased deluge of data -- much of which is sensitive or confidential -- the importance
of cybersecurity continues to grow. The growing volume and sophistication of cyber attackers
and attack techniques compound the problem even further.
Ethical hacking is an authorized practice of detecting vulnerabilities in an application, system, or
organization’s infrastructure and bypassing system security to identify potential data
breaches and threats in a network.
The company that owns the system or network allows Cyber Security engineers to perform such
activities in order to test the system’s defenses. Thus, unlike malicious hacking, this process is
planned, approved, and more importantly, legal.
Ethical hackers aim to investigate the system or network for weak points that malicious hackers
can exploit or destroy. They collect and analyze the information to figure out ways to strengthen
the security of the system/network/applications. By doing so, they can improve the security
footprint so that it can better withstand attacks or divert them.
Ethical hackers are hired by organizations to look into the vulnerabilities of their systems and
networks and develop solutions to prevent data breaches. Consider it a high-tech permutation of
the old saying “It takes a thief to catch a thief.”
From a technical standpoint, Ethical Hacking is the process of bypassing or cracking security
measures implemented by a system to find out vulnerabilities, data breaches, and potential
threats. It is only deemed ethical if the regional or organizational cyber laws/rules are followed.
This job is formally known as penetration testing. As the name suggests, this practice involves
trying to infiltrate the system and documenting the steps involved in it.
Table of Contents
1. Introduction
2. Overview of DirBuster
2.1 What is DirBuster?
2.2 Importance of Directory and File Enumeration
2.3 Features of DirBuster
3. Overview of VirtualBox
3.1 What is VirtualBox?
3.2 Virtualization Concepts
3.3 VirtualBox Features and Use Cases
4. Installing VirtualBox
4.1 System Requirements
4.2 Installation Steps
4.3 Setting Up a Virtual Machine (VM)
5. Installing DirBuster on VirtualBox
5.1 Setting Up an Operating System in the VM
5.2 Downloading DirBuster
5.3 Installing Java for DirBuster
5.4 Running DirBuster in VirtualBox
6. Understanding DirBuster Operations
6.1 How DirBuster Works
6.2 Default Wordlists
6.3 Recursive Searching
7. Practical Example: Using DirBuster for Directory Enumeration
7.1 Target Setup in VirtualBox (Web Server Simulation)
7.2 Configuring DirBuster for Scanning
7.3 Interpreting Scan Results
8. Performance Analysis
8.1 DirBuster Performance in a Virtualized Environment
8.2 Impact of System Resources on Scanning Efficiency
8.3 Best Practices for Running DirBuster in VirtualBox
9. Security and Ethical Considerations
9.1 Legal Aspects of Directory Enumeration
9.2 Responsible Disclosure
9.3 Ethical Hacking Practices
10. Limitations of DirBuster
10.1 False Positives and Negatives
10.2 Large-Scale Directory Enumeration
10.3 Alternatives to DirBuster
11. Conclusion
11.1 Summary of Findings
11.2 Future Directions for Research
12. References
13. Appendices
Introduction
In this section, describe the scope and objectives of the
report. Discuss how cybersecurity professionals use tools like
DirBuster for penetration testing. Mention the use of virtualized
environments for safe and isolated testing, using VirtualBox as
the example for this project. Introduce the reader to the
importance of directory and file enumeration in the context of
cybersecurity.
Expand with background information about the need for
virtualized environments in cybersecurity to make the section
more comprehensive.
Overview of DirBuster
2.1 What is DirBuster?
Provide a brief history and explanation of DirBuster,
emphasizing how it is a GUI-based tool used to brute force
directories and files on web servers. Mention the tool's
open-source nature and its role in penetration testing.
2.2 Importance of Directory and File Enumeration
Discuss why discovering hidden directories and files is
crucial during a penetration test. Highlight how misconfigured
web servers may inadvertently expose sensitive information.
2.3 Features of DirBuster
Cover key features such as:
Customizable wordlists
Recursive directory searches
Multithreaded scanning
Each feature should be described in detail to take up space
and provide in-depth knowledge.
---
Overview of VirtualBox
3.1 What is VirtualBox?
Introduce VirtualBox, emphasizing that it is an open-source
hypervisor for running virtual machines. Explain how
VirtualBox allows multiple operating systems to run on a single
hardware platform.
3.2 Virtualization Concepts
Briefly explain the concept of virtualization, hypervisors,
virtual machines, and how these relate to cybersecurity testing.
3.3 VirtualBox Features and Use Cases
Discuss some of the most important features of VirtualBox:
Snapshot functionality
Shared folders
Virtual Networking
Expand on how these features make it
suitable for setting up a penetration testing environment.
---
Installing VirtualBox
4.1 System Requirements
List the minimum system requirements to run VirtualBox.
Go into details about how hardware resources like RAM, CPU
cores, and disk space can impact VM performance.
4.2 Installation Steps
Provide step-by-step instructions for installing VirtualBox
on popular operating systems (e.g., Windows, Linux). Include
screenshots where appropriate.
4.3 Setting Up a Virtual Machine (VM)
Explain the process of setting up a VM for testing
purposes. This could include choosing a Linux distribution,
assigning resources, and configuring virtual networking.
Installing DirBuster on VirtualBox
5.1 Setting Up an Operating System in the VM
Walk through setting up a Linux environment in
VirtualBox. Focus on distributions like Kali Linux or Ubuntu,
commonly used for cybersecurity tasks.
5.2 Downloading DirBuster
Explain where to download DirBuster and provide
guidance on ensuring it’s downloaded from a trusted source.
5.3 Installing Java for DirBuster
Since DirBuster is a Java-based tool, provide instructions
for installing Java on the Linux VM.
5.4 Running DirBuster in VirtualBox
Include step-by-step details on how to launch DirBuster,
including any configuration changes needed to optimize its
performance in a virtualized environment.
Understanding DirBuster Operations
6.1 How DirBuster Works
Explain the working principle of DirBuster: brute-forcing
URLs and file paths to discover hidden content on web servers.
6.2 Default Wordlists
Discuss DirBuster’s default wordlists, how they can be
customized, and the impact wordlist size has on scan time.
6.3 Recursive Searching
Elaborate on recursive searching, where DirBuster dives
deeper into directories as it finds them.
---
Practical Example: Using DirBuster for Directory
Enumeration
7.1 Target Setup in VirtualBox (Web Server Simulation)
Simulate a target environment by setting up a web server
(e.g., Apache) in another VM. This could include installing web
server software and hosting a vulnerable web application.
7.2 Configuring DirBuster for Scanning
Explain how to configure DirBuster to scan the target web
server. Include details such as setting the number of threads,
wordlists, and depth for recursive scanning.
7.3 Interpreting Scan Results
Analyze the scan results, providing examples of what
discovered directories and files might mean in a real-world
penetration test. Expand on false positives and negatives to add
more depth.
---
Performance Analysis
8.1 DirBuster Performance in a Virtualized Environment
Discuss how running DirBuster in a VM compares to
running it on native hardware. Mention any performance
impacts such as slower scans due to virtualized I/O operations.
8.2 Impact of System Resources on Scanning Efficiency
Analyze how CPU, RAM, and disk speed influence
DirBuster’s performance in the virtual environment. Provide
charts or tables to support the analysis.
8.3 Best Practices for Running DirBuster in VirtualBox
Provide tips for optimizing DirBuster performance, such as
tweaking VirtualBox settings or adjusting DirBuster’s thread
count.
Security and Ethical Considerations
9.1 Legal Aspects of Directory Enumeration
Discuss the legality of using tools like DirBuster in
penetration testing. Emphasize the need for proper authorization
before testing any system.
9.2 Responsible Disclosure
Explain the principles of responsible disclosure and how
security researchers should report vulnerabilities they discover.
9.3 Ethical Hacking Practices
Expand on the concept of ethical hacking and how tools
like DirBuster can be used responsibly within a legal and ethical
framework.
Limitations of DirBuster
10.1 False Positives and Negatives
Explain some of the limitations of DirBuster in terms of
accuracy, including false positives (non-existent files being
reported) and false negatives (missed files).
10.2 Large-Scale Directory Enumeration
Discuss the challenges DirBuster faces when scanning
large or complex sites with numerous directories.
10.3 Alternatives to DirBuster
Provide a brief overview of alternative tools such as
Gobuster or FFUF, comparing their pros and cons.
Conclusion
11.1 Summary of Findings
Summarize key takeaways from the project, focusing on
the practical aspects of using DirBuster in a virtualized
environment.
11.2 Future Directions for Research
Discuss potential improvements to the project, such as
experimenting with different wordlists or expanding to
multi-VM testing environments.
---
References
Include all references used throughout the report, such as
documentation for VirtualBox, DirBuster, and other tools or
technologies mentioned.
---
Appendices
Screenshots of VirtualBox and DirBuster configurations