LinuxCommandLibrary

dirsearch

Discover web server directories and files

TLDR

Scan a web server for common paths with common extensions
$ dirsearch [[-u|--url]] [url] --extensions-list

Scan a list of web servers for common paths with given file extensions
$ dirsearch [[-l|--url-list]] [path/to/url-list.txt] [[-e|--extensions]] [php,jsp,aspx,...]

Scan a web server for user-defined paths with common extensions
$ dirsearch [[-u|--url]] [url] --extensions-list [[-w|--wordlists]] [path/to/url-paths.txt,path/to/url-paths.txt,...]

Scan a web server using a cookie
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --cookie [cookie]

Scan a web server using the HEAD HTTP method
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] [[-m|--http-method]] [HEAD]

Scan a web server, saving the results to a .json file
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --json-report [path/to/report.json]

SYNOPSIS

dirsearch -u <target URL> [-w <wordlist>] [options]

PARAMETERS

-u, --url
    Target URL: The URL of the web server to scan.

-w, --wordlist
    Wordlist path: Path to the wordlist file containing potential directory and file names.

-e, --extensions
    File extensions: List of file extensions to search for (e.g., php, html, js).

-t, --threads
    Number of threads: Sets the number of concurrent threads to use for faster scanning.

-x, --exclude-status
    Exclude status codes: HTTP status codes to exclude from the results (e.g., 404, 302).

--user-agent
    Custom user agent: Set a custom User-Agent header for requests.

--proxy
    Proxy address: Use a proxy server for requests (e.g., http://127.0.0.1:8080).

--timeout
    Request timeout: Maximum time in seconds to wait for a response from the server.

-r, --recursive
    Recursive scan: Enable recursive scanning of discovered directories.

-f, --force-extensions
    Force extensions: Add the given extensions to every entry in the wordlist.
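The options above can be combined in a single invocation. A sketch (the target URL, proxy address, and User-Agent string are placeholders; verify flag spellings against your installed dirsearch version):

```shell
# Scan with 20 threads through a local intercepting proxy,
# hide 404 responses, and recurse into discovered directories.
dirsearch -u https://example.com -e php,html,js \
    -t 20 --exclude-status 404 \
    --user-agent "Mozilla/5.0" \
    --proxy http://127.0.0.1:8080 \
    --timeout 10 --recursive
```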

DESCRIPTION

Dirsearch is a command-line tool designed to brute-force directories and files on web servers.
It's primarily used in penetration testing and security auditing to discover hidden or unlinked content that might be vulnerable or contain sensitive information.
By sending numerous HTTP requests with different path variations (based on wordlists), it attempts to identify existing resources on the target web server.
The tool is highly configurable, allowing users to specify various parameters such as the target URL, wordlists to use, file extensions to search for, request delays, and the number of concurrent threads.
It supports different HTTP methods (GET, POST, etc.), custom headers, and proxy configurations.
Dirsearch is a valuable tool for security professionals and ethical hackers looking to assess the security posture of web applications and identify potential attack surfaces.

CAVEATS

Dirsearch generates a large number of HTTP requests, which might be flagged as malicious activity by firewalls or intrusion detection systems. Use with caution and respect the target's terms of service. Rate limiting is crucial.
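One way to keep the request rate down is to lower the thread count and add a per-request delay. A sketch, assuming a recent dirsearch release that supports --delay (the target URL is a placeholder):

```shell
# Gentler scan: two threads plus a half-second delay between requests,
# less likely to trip rate-based IDS/WAF rules.
dirsearch -u https://example.com -e php -t 2 --delay 0.5
```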

WORDLIST SELECTION

The effectiveness of Dirsearch heavily depends on the quality and relevance of the wordlist used.
Consider using multiple wordlists or customizing them based on the target application to increase the chances of finding hidden resources.
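As shown in the TLDR examples, -w accepts a comma-separated list, so a general-purpose wordlist can be combined with a target-specific one. A sketch (both wordlist paths are placeholders):

```shell
# Merge a common wordlist with paths tailored to the target application.
dirsearch -u https://example.com -e php \
    -w /usr/share/wordlists/dirb/common.txt,custom-paths.txt
```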

AVOIDING FALSE POSITIVES

Dynamic pages can return HTTP 200 even when a requested path does not exist. To minimize false positives, use well-targeted wordlists and/or filter results with --exclude-status and --exclude-text.
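Filtering might look like the following sketch (the URL and the "not found" marker text are placeholders; pick a string that actually appears in the target's soft-404 pages):

```shell
# Drop 404/403 responses and any page whose body contains
# the site's custom "not found" marker.
dirsearch -u https://example.com -e php \
    --exclude-status 404,403 \
    --exclude-text "Page not found"
```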

HISTORY

Dirsearch grew out of the need for an efficient directory brute-forcing tool. It has since been developed and improved by many contributors in the open-source security community, with its functionality expanding to keep pace with evolving web application security trends.

SEE ALSO

nmap(1), curl(1), wget(1)
