dirb

dirb url [wordlistfile] [options_]

dirb is a web content scanner that discovers existing and hidden web objects by launching dictionary-based attacks against a web server and analyzing the responses.
It is commonly used in penetration testing to find unlinked content, backup files, configuration files, and administrative interfaces. DIRB ships with several built-in wordlists located in `/usr/share/dirb/wordlists/`.

-a agent

Custom User-Agent string.

Don't squash or merge sequences of /../ or /./ in the given URL.

Set a cookie for HTTP requests.

Use the specified client certificate file.

Fine-tune NOT_FOUND (404) detection.

Add a custom header to the HTTP request.

Use case-insensitive search.

Print "Location" header when found.

Ignore responses with this HTTP code.

Save output to disk.

Use this proxy (default port: 1080).

Proxy authentication.

Don't search recursively.

Interactive recursion (ask which directories to scan).

Silent mode (don't show tested words).

Don't force an ending '/' on URLs.

HTTP authentication username and password.

Show also non-existent pages.

Don't stop on WARNING messages.

Amplify search with extensions from this file.

Amplify search with these extensions (e.g., ".php,.html").

Add delay in milliseconds between requests.

Use only against authorized targets. Unauthorized scanning may be illegal. Use `-z` for rate limiting to avoid detection or causing denial of service. Default wordlists may not cover all cases; custom wordlists improve results.

dirb was written by The Dark Raver and has been part of the Kali Linux security distribution. It is one of the original web content brute-forcing tools, predating modern alternatives like gobuster and feroxbuster.

gobuster(1), nikto(1), dirbuster(1), nmap(1), curl(1)