dirsearch

Scan a web server for common paths with common extensions

$ dirsearch [[-u|--url]] [url] --extensions-list

$ dirsearch [[-l|--url-list]] [path/to/url-list.txt] [[-e|--extensions]] [php,jsp,aspx,...]

$ dirsearch [[-u|--url]] [url] --extensions-list [[-w|--wordlists]] [path/to/url-paths.txt,path/to/url-paths.txt,...]

$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --cookie [cookie]

$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] [[-m|--http-method]] [HEAD]

$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --json-report [path/to/report.json]

dirsearch.py -u <target URL> -w <wordlist> [options]

-u, --url
    Target URL: The URL of the web server to scan.

-w, --wordlist
    Wordlist path: Path to the wordlist file containing potential directory and file names.

-e, --extensions
    File extensions: List of file extensions to search for (e.g., php, html, js).

-t, --threads
    Number of threads: Sets the number of concurrent threads to use for faster scanning.

--exclude-status
    Exclude status codes: HTTP status codes to exclude from the results (e.g., 404, 302).

--user-agent
    Custom user agent: Set a custom User-Agent header for requests.

--proxy
    Proxy address: Use a proxy server for requests (e.g., http://127.0.0.1:8080).

--timeout
    Request timeout: Maximum time in seconds to wait for a response from the server.

--recursive
    Recursive scan: Enable recursive scanning of discovered directories.

--force-extensions
    Force extension: Add extensions to every directory in the wordlist

Dirsearch is a command-line tool designed to brute-force directories and files on web servers.
It's primarily used in penetration testing and security auditing to discover hidden or unlinked content that might be vulnerable or contain sensitive information.
By sending numerous HTTP requests with different path variations (based on wordlists), it attempts to identify existing resources on the target web server.
The tool is highly configurable, allowing users to specify various parameters such as the target URL, wordlists to use, file extensions to search for, request delays, and the number of concurrent threads.
It supports different HTTP methods (GET, POST, etc.), custom headers, and proxy configurations.
Dirsearch is a valuable tool for security professionals and ethical hackers looking to assess the security posture of web applications and identify potential attack surfaces.

Dirsearch generates a large number of HTTP requests, which might be flagged as malicious activity by firewalls or intrusion detection systems. Use with caution and respect the target's terms of service. Rate limiting is crucial.

The effectiveness of Dirsearch heavily depends on the quality and relevance of the wordlist used.
Consider using multiple wordlists or customizing them based on the target application to increase the chances of finding hidden resources.

Due to dynamic pages returning HTTP 200 even if a directory doesn't exists you might want to use intelligent wordlists and/or filter results using exclude-status and exclude-text in order to minimize false positives.

Dirsearch has been developed and improved over time by various contributors within the open-source security community, initially stemming from the need for an efficient directory brute-forcing tool, expanding in its functionality to keep up with evolving web application security trends.

nmap(1), curl(1), wget(1)