LinuxCommandLibrary

dirsearch

Discover web server directories and files

TLDR

Scan a web server for common paths with common extensions

$ dirsearch [[-u|--url]] [url] --extensions-list

Scan a list of web servers for common paths with given file extensions
$ dirsearch [[-l|--url-list]] [path/to/url-list.txt] [[-e|--extensions]] [php,jsp,aspx,...]

Scan a web server for user-defined paths with common extensions
$ dirsearch [[-u|--url]] [url] --extensions-list [[-w|--wordlists]] [path/to/url-paths1.txt,path/to/url-paths2.txt,...]

Scan a web server using a cookie
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --cookie [cookie]

Scan a web server using the HEAD HTTP method
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] [[-m|--http-method]] [HEAD]

Scan a web server, saving the results to a .json file
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --json-report [path/to/report.json]

SYNOPSIS

dirsearch {-u URL | -l file} [options]

PARAMETERS

-u URL, --url URL
    Specifies the target URL(s) to scan. Multiple URLs can be provided separated by commas.

-l FILE, --url-list FILE
    Provides a path to a file containing a list of target URLs, one URL per line.

-e EXTENSIONS, --extensions EXTENSIONS
    Adds file extensions to test for (e.g., 'php,asp,html').

-w WORDLISTS, --wordlists WORDLISTS
    Sets the path(s) to custom wordlist files for brute-forcing, separated by commas.

-t THREADS, --threads THREADS
    Configures the number of concurrent threads to use for scanning, affecting speed and stealth.

-r, --recursive
    Enables recursive scanning of discovered directories.

-p PROXY, --proxy PROXY
    Specifies an HTTP/S proxy to use for requests (e.g., 'http://127.0.0.1:8080').

-H HEADERS, --headers HEADERS
    Allows adding custom HTTP headers to requests (e.g., 'Cookie: foo=bar,X-Forwarded-For: 1.1.1.1').

-A USER_AGENT, --user-agent USER_AGENT
    Sets a custom User-Agent string for all requests.

--cookie COOKIE
    Sets a custom cookie header for all requests.

-S STATUS, --status STATUS
    Filters results to include only specified HTTP status codes (e.g., '200,301,403').

-D STATUS, --exclude-status STATUS
    Filters results to exclude specified HTTP status codes.

-o FILE, --report FILE
    Saves the scan results to a specified file.

--format FORMAT
    Sets the output format for the report file (e.g., 'json', 'xml', 'csv', 'simple').

DESCRIPTION

dirsearch is a powerful command-line tool designed for brute-forcing directories and files on web servers. It systematically checks a predefined list of paths (a wordlist) against a target URL to discover hidden or unlinked resources.

This utility is widely used by penetration testers, security auditors, and developers to identify forgotten administration panels, sensitive files, vulnerable configurations, or other accessible resources that might expose security weaknesses. dirsearch supports various features including multi-threading for speed, proxy integration, custom HTTP headers and user agents, recursive scanning, filtering by HTTP status codes, and specifying file extensions. Its ability to generate reports in different formats makes it an essential tool for comprehensive web application security assessments.

CAVEATS

dirsearch generates a significant amount of network traffic and can be considered intrusive. It should only be used on systems for which you have explicit authorization. Its aggressive nature can trigger Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS), potentially leading to a ban or alert. Relying solely on wordlists may result in false negatives if the target paths are not included. Care should be taken to manage the number of threads and delays to avoid overwhelming the target server or being detected.

INSTALLATION AND USAGE

dirsearch is primarily a Python-based tool and can be installed via `pip` or by cloning its GitHub repository.
While it comes with default wordlists, users can supply custom wordlists tailored to specific targets or technologies. For effective and stealthy operations, it's often recommended to use dirsearch in conjunction with a proxy like Burp Suite, allowing for traffic inspection and modification.

CUSTOMIZATION AND EVASION

To evade detection, users can leverage options like random User-Agents, custom headers, and delays between requests. Recursive scanning and specifying file extensions can significantly deepen the search, revealing more obscure or hidden assets.

HISTORY

dirsearch originated as an open-source project written in Python, gaining significant traction within the cybersecurity community due to its efficiency and flexibility in web directory brute-forcing. It has been continuously developed and maintained on GitHub, with ongoing updates that add new features and improve performance. Its inclusion in popular penetration testing distributions like Kali Linux has cemented its status as a go-to tool for web application reconnaissance and vulnerability assessment.

SEE ALSO

gobuster(1), ffuf(1), nikto(1)
