dirsearch
Discover web server directories and files
TLDR
Scan a web server for common paths with common extensions
Scan a list of web servers for common paths with given file extensions
Scan a web server for user-defined paths with common extensions
Scan a web server using a cookie
Scan a web server using the HEAD HTTP method
Scan a web server, saving the results to a .json file
SYNOPSIS
dirsearch.py -u <target URL> -w <wordlist> [options]
PARAMETERS
-u, --url
Target URL: The URL of the web server to scan.
-w, --wordlist
Wordlist path: Path to the wordlist file containing potential directory and file names.
-e, --extensions
File extensions: List of file extensions to search for (e.g., php, html, js).
-t, --threads
Number of threads: Sets the number of concurrent threads to use for faster scanning.
--exclude-status
Exclude status codes: HTTP status codes to exclude from the results (e.g., 404, 302).
--user-agent
Custom user agent: Set a custom User-Agent header for requests.
--proxy
Proxy address: Use a proxy server for requests (e.g., http://127.0.0.1:8080).
--timeout
Request timeout: Maximum time in seconds to wait for a response from the server.
--recursive
Recursive scan: Enable recursive scanning of discovered directories.
--force-extensions
Force extension: Add extensions to every directory in the wordlist
DESCRIPTION
Dirsearch is a command-line tool designed to brute-force directories and files on web servers.
It's primarily used in penetration testing and security auditing to discover hidden or unlinked content that might be vulnerable or contain sensitive information.
By sending numerous HTTP requests with different path variations (based on wordlists), it attempts to identify existing resources on the target web server.
The tool is highly configurable, allowing users to specify various parameters such as the target URL, wordlists to use, file extensions to search for, request delays, and the number of concurrent threads.
It supports different HTTP methods (GET, POST, etc.), custom headers, and proxy configurations.
Dirsearch is a valuable tool for security professionals and ethical hackers looking to assess the security posture of web applications and identify potential attack surfaces.
CAVEATS
Dirsearch generates a large number of HTTP requests, which might be flagged as malicious activity by firewalls or intrusion detection systems. Use with caution and respect the target's terms of service. Rate limiting is crucial.
WORDLIST SELECTION
The effectiveness of Dirsearch heavily depends on the quality and relevance of the wordlist used.
Consider using multiple wordlists or customizing them based on the target application to increase the chances of finding hidden resources.
AVOIDING FALSE POSITIVES
Due to dynamic pages returning HTTP 200 even if a directory doesn't exists you might want to use intelligent wordlists and/or filter results using exclude-status and exclude-text in order to minimize false positives.
HISTORY
Dirsearch has been developed and improved over time by various contributors within the open-source security community, initially stemming from the need for an efficient directory brute-forcing tool, expanding in its functionality to keep up with evolving web application security trends.