LinuxCommandLibrary

dirb

Discover website directories and files

TLDR

Scan a webserver using the default wordlist

$ dirb [https://example.org]

Scan a webserver using a custom wordlist

$ dirb [https://example.org] [path/to/wordlist.txt]

Scan a webserver non-recursively

$ dirb [https://example.org] -r

Scan a webserver using a specified user-agent and cookie for HTTP requests

$ dirb [https://example.org] -a [user_agent_string] -c [cookie_string]

SYNOPSIS

dirb [options] URL wordlist

PARAMETERS

-h, --help
    Display help and exit

-u URL, --url=URL
    Target URL (positional argument)

-w FILE, --wordlist=FILE
    Wordlist file (positional)

-r
    Don't follow HTTP redirects

-R
    Enable recursion

-X EXT, --extensions=EXT
    Append comma-separated extensions (e.g., .php,.html)

-x EXT
    Append single extension

-t N, --threads=N
    Number of concurrent threads (default 100)

-T TIMEOUT
    Connection timeout in ms (default 500)

-p PROXY
    Use HTTP/SOCKS4/SOCKS5 proxy

-P PORT
    Proxy port

-U USER:PASS
    HTTP Basic authentication

-o FILE
    Output log file

-D AGENT
    Custom User-Agent string

-z
    Enable gzip decompression

--non-recursive, -w
    Disable recursion (conflicts with -R)

DESCRIPTION

Dirb (DIRectory Brute-forcer) is a powerful command-line tool for discovering hidden directories, files, and other web content on HTTP/HTTPS servers. It uses dictionary-based brute-forcing with customizable wordlists to enumerate unlinked paths by sending numerous HTTP requests and analyzing responses (e.g., non-404 status codes, content length changes).

Ideal for penetration testing and security audits, dirb supports multi-threading for speed, recursion, proxy usage, custom extensions (.php, .html, etc.), HTTP authentication, and gzip decompression. It categorizes findings by response codes (e.g., 200 OK, 403 Forbidden) and logs results with details like size and response time.

Unlike slower GUI tools, dirb is lightweight, scriptable, and integrates well with tools like Metasploit. Users must supply a base URL and wordlist; common lists are in /usr/share/dirb/wordlists/. It's part of Kali Linux but installable via apt on Debian-based systems.
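What the request pattern described above looks like from the server side, as an added example that is neither part of dirb nor of this page: a wordlist scan produces a burst of requests for guessed paths from one client, almost all of which come back 404. The detector below parses Apache/nginx "combined" access-log lines and flags a client whose request count and 404 ratio inside a sliding window cross a threshold. The log lines, the client addresses and the thresholds (10-second window, 20 requests, 80% not-found) are constructed for the example; a User-Agent match alone is deliberately not used, because the -a option lets the scanner send any agent string.

```python
"""Flag directory brute-forcing in web-server access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format:
# ip - - [ts] "METHOD /path HTTP/1.1" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<agent>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it doesn't match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect_bruteforce(lines, window=timedelta(seconds=10),
                      min_requests=20, min_404_ratio=0.8):
    """Return {ip: (requests_in_window, not_found_in_window)} for flagged clients.

    A client is flagged once it has at least `min_requests` requests inside
    the sliding `window` and at least `min_404_ratio` of them returned 404.
    The recorded tuple is the last window state that crossed the threshold.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, status)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["status"]))
        while q and rec["ts"] - q[0][0] > window:  # expire old entries
            q.popleft()
        total = len(q)
        not_found = sum(1 for _, status in q if status == 404)
        if total >= min_requests and not_found / total >= min_404_ratio:
            flagged[rec["ip"]] = (total, not_found)
    return flagged


def _fmt(ip, ts, path, status, agent):
    """Render one constructed combined-format log line."""
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" '
            f'{status} - "-" "{agent}"')


def sample_log():
    """Constructed log: one scanning client (203.0.113.5) and one ordinary visitor."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    guesses = ["/admin/", "/backup/", "/cgi-bin/", "/config/", "/db/", "/dev/",
               "/images/", "/include/", "/logs/", "/old/", "/private/",
               "/robots.txt", "/secret/", "/test/", "/tmp/", "/upload/",
               "/user/", "/vendor/", "/web/", "/xml/", "/zip/", "/.git/",
               "/.env", "/api/", "/app/"]
    exists = {"/images/": 200, "/robots.txt": 200, "/.git/": 403}
    entries = []
    for i, path in enumerate(guesses):  # 25 guesses, ~120 ms apart
        ts = base + timedelta(milliseconds=120 * i)
        entries.append((ts, _fmt("203.0.113.5", ts, path,
                                 exists.get(path, 404), "Mozilla/5.0")))
    for i, path in enumerate(["/", "/index.html", "/images/logo.png",
                              "/about.html", "/contact.html"]):
        ts = base + timedelta(milliseconds=700 * i)  # normal browsing pace
        entries.append((ts, _fmt("198.51.100.7", ts, path, 200, "Mozilla/5.0")))
    entries.sort(key=lambda e: e[0])
    return [line for _, line in entries]


if __name__ == "__main__":
    for ip, (total, nf) in detect_bruteforce(sample_log()).items():
        print(f"{ip}: {nf}/{total} requests in window returned 404")
```

Run against a real log with `detect_bruteforce(open("access.log"))`; the thresholds are a starting point and should be tuned to the site's normal 404 rate, since a broken link on a busy page can also produce many 404s from one client, though not at scanner speed.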

CAVEATS

Generates high network traffic; risk of rate-limiting, bans, or DoS. Use ethically with permission only. Not for HTTPS without proper cert handling.

DEFAULT WORDLISTS

Pre-installed in /usr/share/dirb/wordlists/ (e.g., common.txt, big.txt, vulgar.txt)

SIGNATURES

Custom response signature files with -O file.sig for advanced filtering by content length/status

HISTORY

Developed by Pablo Blanco ('The Dark Raver') around 2005-2006. Integrated into BackTrack Linux, now standard in Kali Linux for web pentesting. Actively maintained with updates for modern HTTP features.

SEE ALSO

gobuster(1), ffuf(1), wfuzz(1), nikto(1)
