dirb
Scan HTTP-based webservers for directories and files.
TLDR
Scan a webserver using the default wordlist
Scan a webserver using a custom wordlist
Scan a webserver non-recursively
Scan a webserver using a specified user-agent and cookie for HTTP-requests
SYNOPSIS
dirb <url_base> <url_base> [<wordlist_file(s)>] [options]
DESCRIPTION
DIRB IS a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary basesd attack against a web server and analizing the response.
OPTIONS
- -a <agent_string>
Specify your custom USER_AGENT. (Default is: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)")
- -b
Don't squash or merge sequences of /../ or /./ in the given URL.
- -c <cookie_string>
Set a cookie for the HTTP request.
- -E <certificate>
Use the specified client certificate file.
- -f
Fine tunning of NOT_FOUND (404) detection.
- -H <header_string>
Add a custom header to the HTTP request.
- -i
Use case-insensitive Search.
- -l
Print "Location" header when found.
- -N <nf_code>
Ignore responses with this HTTP code.
- -o <output_file>
Save output to disk.
- -p <proxy[:port]>
Use this proxy. (Default port is 1080)
- -P <proxy_username:proxy_password>
Proxy Authentication.
- -r
Don't Search Recursively.
- -R
Interactive Recursion. (Ask in which directories you want to scan)
- -S
Silent Mode. Don't show tested words. (For dumb terminals)
- -t
Don't force an ending '/' on URLs.
- -u <username:password>
Username and password to use.
- -v
Show Also Not Existent Pages.
- -w
Don't Stop on WARNING messages.
- -x <extensions_file>
Amplify search with the extensions on this file.
- -X <extensions>
Amplify search with this extensions.
- -z <milisecs>
Amplify search with this extensions.
SEE ALSO
brain(x)