LinuxCommandLibrary

dirb

TLDR

Scan webserver using default wordlist

$ dirb [https://example.org]

Scan using custom wordlist

$ dirb [https://example.org] [path/to/wordlist.txt]

Scan non-recursively

$ dirb [https://example.org] -r

Scan with custom user-agent and cookie

$ dirb [https://example.org] -a [user_agent_string] -c [cookie_string]

SYNOPSIS

dirb url [wordlist] [options]

DESCRIPTION

dirb is a web content scanner that brute-forces directories and files on HTTP-based web servers. It uses dictionary-based attacks to discover hidden resources.
It is commonly used in security testing and penetration testing to find unlinked content, backup files, and administrative interfaces.
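What a dictionary-driven scan like this looks like from the server side, as an added example that is not part of the dirb documentation: a small detector that flags clients requesting many distinct paths that mostly return 404. The log lines are constructed, and the function names, window and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def build_sample_log():
    """Constructed access log: one client walking a wordlist, one ordinary visitor."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {st} 512 "-" "-"'
    words = ["admin", "backup", "cgi-bin", "config", "db",
             "images", "login.bak", "old", "test", "tmp"]
    lines = [fmt.format(ip="198.51.100.7", sec=i, path="/" + w,
                        st=301 if w == "images" else 404)
             for i, w in enumerate(words)]
    visitor = [("/", 200), ("/index.html", 200), ("/images/logo.png", 200),
               ("/favicon.ico", 404), ("/contact", 200)]
    lines += [fmt.format(ip="203.0.113.20", sec=10 + 5 * i, path=p, st=s)
              for i, (p, s) in enumerate(visitor)]
    return "\n".join(lines)

def find_enumeration(log_text, window=timedelta(seconds=60),
                     min_paths=8, min_404_ratio=0.8):
    """Return {ip: (distinct_paths, ratio_404)} for clients that, within one
    sliding window, request >= min_paths distinct paths answered mostly with 404."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append((ts, m["path"].split("?")[0], int(m["status"])))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the time window
            win = events[start:end + 1]
            paths = {p for _, p, _ in win}
            ratio = sum(s == 404 for _, _, s in win) / len(win)
            if len(paths) >= min_paths and ratio >= min_404_ratio:
                if len(paths) > flagged.get(ip, (0, 0.0))[0]:
                    flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_enumeration(build_sample_log()))
```

The detector keys on request behaviour rather than the User-Agent, since -a lets the client set any string. A scan run with a delay between requests (-z) spreads over a longer period, so the window has to be sized for the slowest rate you want to catch.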

PARAMETERS

-r
    Don't search recursively
-a agent
    Custom User-Agent string
-c cookie
    Set cookie for requests
-H header
    Add custom header
-o file
    Output results to file
-z ms
    Add delay between requests
-S
    Silent mode (don't show tested words)

CAVEATS

Use only against authorized targets. Rate limiting may be needed to avoid detection. Default wordlists may not cover all cases. dirb is a security testing tool.

SEE ALSO

gobuster(1), nikto(1), dirbuster(1)
