Dirsearch
Description
dirsearch is a simple command line tool designed to brute force directories and files in websites.
Installation
$ git clone https://github.com/maurosoria/dirsearch.git
$ cd dirsearch/
Usage
Syntax
python3 dirsearch.py -u <URL> -e <EXTENSION>
Options
Mandatory
- -u URL, --url=URL
- URL target
- -L URLLIST, --url-list=URLLIST
- URL list target
- -e EXTENSIONS, --extensions=EXTENSIONS
- Extension list separated by comma (Example: php,asp)
- -E, --extensions-list
- Use predefined list of common extensions
Dictionary Settings
- -w WORDLIST, --wordlist=WORDLIST
- Customize wordlist (separated by comma)
- -l, --lowercase
- -f, --force-extensions
- Force extensions for every wordlist entry (like in DirBuster)
General Settings
- -h, --help
- show this help message and exit
- -s DELAY, --delay=DELAY
- Delay between requests (float number)
- -r, --recursive
- Bruteforce recursively
- -R RECURSIVE_LEVEL_MAX, --recursive-level-max=RECURSIVE_LEVEL_MAX
- Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])
- --suppress-empty, --suppress-empty
- --scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
- Scan subdirectories of the given -u|--url (separated by comma)
- --exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
- Exclude the following subdirectories during recursive scan (separated by comma)
- -t THREADSCOUNT, --threads=THREADSCOUNT
- Number of Threads
- -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
- Exclude status code, separated by comma (example: 301, 500)
- --exclude-texts=EXCLUDETEXTS
- Exclude responses by texts, separated by comma (example: "Not found", "Error")
- --exclude-regexps=EXCLUDEREGEXPS
- Exclude responses by regexps, separated by comma (example: "Not foun[a-z]{1}", "^Error$")
- -c COOKIE, --cookie=COOKIE
- --ua=USERAGENT, --user-agent=USERAGENT
- -F, --follow-redirects
- -H HEADERS, --header=HEADERS
- Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE")
- --random-agents, --random-user-agents
Connection Settings
- --timeout=TIMEOUT
- Connection timeout
- --ip=IP
- Resolve name to IP address
- --proxy=HTTPPROXY, --http-proxy=HTTPPROXY
- Http Proxy (example: localhost:8080)
- --http-method=HTTPMETHOD
- Method to use, default: GET, possible also: HEAD;POST
- --max-retries=MAXRETRIES
- -b, --request-by-hostname
- By default dirsearch will request by IP for speed.
- This forces requests by hostname
Reports
- --simple-report=SIMPLEOUTPUTFILE
- Only found paths
- --plain-text-report=PLAINTEXTOUTPUTFILE
- Found paths with status codes
- --json-report=JSONOUTPUTFILE
Example
$ ./dirsearch.py -u http://10.10.248.154:3000 -w /opt/wordlists/directory-list-2.3-medium.txt -e php,html

 _|. _ _  _  _  _ _|_    v0.3.9
(_||| _) (/_(_|| (_| )

Extensions: php, html | HTTP method: get | Threads: 10 | Wordlist size: 220521

Error Log: /opt/dirsearch/logs/errors-20-05-01_14-09-43.log

Target: http://10.10.248.154:3000

[14:14:37] Starting:
[14:14:38] 302 - 28B - / -> /login
[14:14:38] 302 - 28B - /home -> /login
[14:14:38] 200 - 2KB - /login
[14:14:41] 302 - 27B - /admin -> /home
[14:14:41] 302 - 28B - /Home -> /login
[14:14:41] 301 - 179B - /assets -> /assets/
[14:14:45] 301 - 173B - /css -> /css/
[14:14:49] 200 - 2KB - /Login
[14:14:50] 301 - 171B - /js -> /js/
[14:14:54] 302 - 28B - /logout -> /login
[14:15:26] 200 - 2KB - /sysadmin
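When reviewing a run like the one above against your own application, the result lines can be parsed and sorted into paths that redirect to the login page, paths served directly, and paths that answer under more than one letter case. This is an added example, not part of dirsearch or of the original page; the function names are hypothetical and /login is assumed to be the application's login path.

```python
import re
from collections import defaultdict

# One console result line, e.g. "[14:14:38] 302 - 28B - /home -> /login"
LINE_RE = re.compile(
    r"\[(?P<time>\d{2}:\d{2}:\d{2})\]\s+(?P<status>\d{3})\s+-\s+"
    r"(?P<size>\d+(?:\.\d+)?[KMG]?B)\s+-\s+(?P<path>\S+)"
    r"(?:\s+->\s+(?P<redirect>\S+))?\s*$"
)

# Result lines taken from the example run on this page.
SAMPLE = """\
[14:14:37] Starting:
[14:14:38] 302 - 28B - / -> /login
[14:14:38] 302 - 28B - /home -> /login
[14:14:38] 200 - 2KB - /login
[14:14:41] 302 - 27B - /admin -> /home
[14:14:41] 302 - 28B - /Home -> /login
[14:14:41] 301 - 179B - /assets -> /assets/
[14:14:45] 301 - 173B - /css -> /css/
[14:14:49] 200 - 2KB - /Login
[14:14:50] 301 - 171B - /js -> /js/
[14:14:54] 302 - 28B - /logout -> /login
[14:15:26] 200 - 2KB - /sysadmin
"""

def parse_results(text):
    """Return one dict per result line; banner and status lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["status"] = int(row["status"])
            rows.append(row)
    return rows

def triage(rows, login_path="/login"):  # login_path is an assumption
    """Group findings by what they tell a reviewer about access control."""
    gated = [r["path"] for r in rows
             if 300 <= r["status"] < 400 and r["redirect"] == login_path]
    # 200 responses other than the login page itself: served without a redirect
    served = [r["path"] for r in rows
              if r["status"] == 200 and r["path"].lower() != login_path]
    by_lower = defaultdict(list)
    for r in rows:
        by_lower[r["path"].lower()].append(r["path"])
    variants = {k: v for k, v in by_lower.items() if len(v) > 1}
    return {"gated": gated, "served": served, "case_variants": variants}
```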