dirsearch

Discover web server directories and files

TLDR

Scan a web server for common paths with common extensions

$ dirsearch [[-u|--url]] [url] --extensions-list

Scan a list of web servers for common paths with given file extensions
$ dirsearch [[-l|--url-list]] [path/to/url-list.txt] [[-e|--extensions]] [php,jsp,aspx,...]

Scan a web server for user-defined paths with common extensions
$ dirsearch [[-u|--url]] [url] --extensions-list [[-w|--wordlists]] [path/to/url-paths1.txt,path/to/url-paths2.txt,...]

Scan a web server using a cookie
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --cookie [cookie]

Scan a web server using the HEAD HTTP method
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] [[-m|--http-method]] [HEAD]

Scan a web server, saving the results to a .json file
$ dirsearch [[-u|--url]] [url] [[-e|--extensions]] [php] --json-report [path/to/report.json]

SYNOPSIS

dirsearch [options]

PARAMETERS

-u URL, --url=URL
    Target base URL (e.g., http://example.com)

-w WORDLISTS, --wordlists=WORDLISTS
    Path to wordlist file(s), comma-separated

-e EXTS, --extensions=EXTS
    File extensions to test (comma-separated, default: php,html,aspx,etc.)

-x EXTS, --exclude-extensions=EXTS
    Extensions to exclude

-t N, --threads=N
    Number of concurrent threads (default: 25)

--delay=DELAY
    Delay between requests in seconds

-r, --recursive
    Follow and scan discovered directories

--deep-recursion
    Enable deep recursion (scan subdirs deeply)

--random-agent
    Use random User-Agent headers

-o FILE, --output=FILE
    Output file

--format=FORMAT
    Output format: plain, csv, json, xml (default: plain)

--exclude-sizes=SIZES
    Exclude responses by content length (comma-separated)

-E, --exclude-status-codes=CODES
    Exclude HTTP status codes

--exclude-text=STRINGS
    Exclude responses containing strings

--proxy=PROXY
    Use HTTP proxy (e.g., http://127.0.0.1:8080)

--header=HEADER
    Custom header (repeatable)

-T TIMEOUT, --timeout=TIMEOUT
    Request timeout in seconds (default: 10)

-h, --help
    Show help

--version
    Show version

DESCRIPTION

Dirsearch is a highly configurable command-line tool written in Python for brute-forcing directories and files on web servers. It discovers hidden paths, backups, and sensitive files by sending requests from a wordlist against a target URL. Unlike slower Java-based tools like DirBuster, dirsearch uses multithreading for speed, supports custom extensions, recursion, and various evasion techniques like random agents and delays.

It reports status codes, response sizes, and content keywords to identify valid paths. Ideal for penetration testing and security assessments, it outputs results to console or files in formats like JSON, CSV, or HTML. Users specify a base URL, wordlist (e.g., common directories), file extensions (php, html), threads, and filters for exclusions.

It handles HTTPS, custom headers, and authentication. While powerful, ethical use requires permission to avoid legal issues. Supports proxies for anonymity and rate limiting to evade WAFs.

Key strengths include speed (1000+ req/s), low false positives via heuristics, and extensibility via plugins.

CAVEATS

Requires Python 3; use only with permission on targets to avoid ToS violations or legal issues. High thread counts may trigger WAFs or rate limits. Not for production without consent. Wordlists must be downloaded separately (e.g., SecLists).
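What a wordlist scan like this looks like from the server side, as an added example (not part of dirsearch or of the original page): a Python check that flags clients in a combined-format access log whose requests are mostly 404s spread over many distinct paths. The function names, thresholds and log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Common/combined log format: ip - - [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_path_scanners(lines, min_requests=20, min_distinct=15, min_miss_ratio=0.8):
    """Return {client_ip: stats} for clients that look like wordlist scanners.

    Thresholds are illustrative assumptions; tune them per site.
    """
    paths = defaultdict(set)      # ip -> distinct paths requested
    total = defaultdict(int)      # ip -> request count
    misses = defaultdict(int)     # ip -> number of 404 responses
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        path = path.split("?", 1)[0]   # compare paths without query strings
        total[ip] += 1
        paths[ip].add(path)
        if status == "404":
            misses[ip] += 1
    flagged = {}
    for ip, n in total.items():
        ratio = misses[ip] / n
        if n >= min_requests and len(paths[ip]) >= min_distinct and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": n, "distinct_paths": len(paths[ip]), "miss_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed sample: one scanner (203.0.113.7) and one normal visitor."""
    ts = "[10/Oct/2024:13:55:36 +0000]"
    words = ["admin", "backup", "config", "login", "test", "old", "db", "tmp"]
    lines = []
    for w in words:
        for ext in ("", ".php", ".bak"):
            status = "200" if (w, ext) == ("login", ".php") else "404"
            lines.append(f'203.0.113.7 - - {ts} "HEAD /{w}{ext} HTTP/1.1" {status} 0 "-" "-"')
    for p in ["/", "/index.html", "/css/site.css", "/missing.png"] * 6:
        status = "404" if p == "/missing.png" else "200"
        lines.append(f'198.51.100.20 - - {ts} "GET {p} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    for ip, stats in find_path_scanners(sample_log()).items():
        print(ip, stats)
```

The check keys on request pattern rather than User-Agent, so it still applies when a scan uses `--random-agent`; a scan slowed with `--delay` needs a longer log window to cross the thresholds.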

INSTALLATION

pip3 install dirsearch

or

git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
pip3 install -r requirements.txt
python3 dirsearch.py

EXAMPLE USAGE

dirsearch -u http://example.com -e php,asp -w /usr/share/wordlists/dirb/common.txt -t 50 --random-agent

HISTORY

Developed by Mauro Soria, first released on GitHub in 2016 as a Python alternative to slow tools like DirBuster. Actively maintained with v0.4+ adding JSON output, recursion improvements, and WAF evasion. Widely used in Kali Linux pentesting distros.

SEE ALSO

curl(1), wget(1), gobuster(1)
