LinuxCommandLibrary

dirbuster

Discover web server directories and files

TLDR

Start in GUI mode

$ dirbuster -u [http://example.com]

Start in headless (no GUI) mode
$ dirbuster -H -u [http://example.com]

Set the file extension list
$ dirbuster -e [txt,html]

Enable verbose output
$ dirbuster -v

Set the report location
$ dirbuster -r [path/to/report.txt]

SYNOPSIS

dirbuster

PARAMETERS

-h, --help
    Display brief usage information

DESCRIPTION

DirBuster is a Java-based multi-threaded graphical application for brute-forcing directories, files, and JSP pages on web servers. Developed as an OWASP project, it automates discovery of hidden resources by trying entries from wordlists against a target URL, analyzing HTTP responses for existence indicators like status codes (e.g., 200), content length, or titles.

Key features include customizable wordlists, recursive brute-forcing, forced extensions (e.g., .php, .bak), thread control for performance, proxy support, and filtering options. Launched from the Linux command line in distros like Kali, it opens an intuitive GUI for configuration—no extensive CLI needed. Popular in penetration testing (pentesting) to map web app attack surfaces, but noisy scans can trigger web application firewalls (WAFs) or IDS.

Ethical use requires authorization. Because discovery depends on wordlist entries matching real paths, the tool is ineffective against resources with random names and against rate-limited servers. Modern CLI alternatives like gobuster offer similar functionality with scripting ease.
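The noise described above is what a defender can detect: one client producing many distinct 404 paths in a short window. The following is an added example, not part of this page or of DirBuster; the combined log format, the thresholds (20 distinct misses in 10 seconds), and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined access log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce_clients(lines, window_s=10, min_misses=20):
    """Return {client_ip: peak number of distinct 404 paths in any window}.

    Assumes lines are in time order, as access logs normally are.
    The default thresholds are illustrative and need tuning per site.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> deque of (timestamp, path) misses
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # drop misses older than the window
            q.popleft()
        distinct = len({p for _, p in q})  # repeated hits on one path count once
        if distinct >= min_misses:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), distinct)
    return peaks

def sample_log():
    """Constructed sample: one ordinary visitor, one wordlist-driven client."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="198.51.100.7", s=0, p="/", st=200),
             fmt.format(ip="198.51.100.7", s=3, p="/favicon.ico", st=404)]
    words = ["admin", "backup", "cgi-bin", "old", "test", "tmp"]
    for i in range(30):  # 30 guessed paths in 3 seconds, one of which exists
        path = f"/{words[i % 6]}{i}/"
        status = 200 if i == 11 else 404
        lines.append(fmt.format(ip="203.0.113.50", s=5 + i // 10, p=path, st=status))
    lines.append(fmt.format(ip="198.51.100.7", s=9, p="/about.html", st=200))
    return lines

if __name__ == "__main__":
    print(find_bruteforce_clients(sample_log()))
```

Counting distinct paths rather than raw 404s keeps a browser that repeatedly requests one missing asset from being flagged.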

CAVEATS

GUI-only tool: No advanced CLI options; all scans configured via interface. High traffic generation risks DoS detection or bans. Requires Java runtime. Use proxies/VPN for anonymity. Legal only on authorized targets.
Java args (e.g., -Xmx1024m) passed via command line affect JVM.

LAUNCHING

Run dirbuster in terminal to open GUI. Target setup: enter URL (e.g., http://example.com), load wordlist (e.g., /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt), set threads (default 10), start scan.

INSTALLATION

Kali/Debian: sudo apt install dirbuster. Standalone: Download JAR from OWASP, run java -jar DirBuster-*.jar.

HISTORY

The OWASP project was started around 2006 by Tim Strazzere. Version 1.0-RC3 (2011) was the final stable release. The tool declined due to its GUI focus and was succeeded by CLI tools amid Java security shifts. It has been bundled in Kali Linux since early versions for pentesting.

SEE ALSO

dirb(1), gobuster(1), ffuf(1), wfuzz(1)
