DirSearch - Website Directory Scanner


DirSearch is a simple command line tool designed to brute force directories and files in websites.

Operating Systems Supported:

  • Windows XP/7/8/10
  • GNU/Linux
  • MacOSX

Features:

  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|--extensions asp,php)
  • Reporting (plain text, JSON)
  • Heuristically detects invalid web pages
  • Recursive brute forcing
  • HTTP proxy support
  • User agent randomization
  • Batch processing
  • Request delaying

Usage:

Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   URL target
    -L URLLIST, --url-list=URLLIST
                        URL list target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by comma (Example: php,asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase
    -f, --force-extensions
                        Force extensions for every wordlist entry (like in
                        DirBuster)

  General Settings:
    -s DELAY, --delay=DELAY
                        Delay between requests
    -r, --recursive     Bruteforce recursively
    --suppress-empty, --suppress-empty
    --scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
                        Scan subdirectories of the given -u|--url (separated
                        by comma)
    --exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by comma)
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    -c COOKIE, --cookie=COOKIE
    --ua=USERAGENT, --user-agent=USERAGENT
    -F, --follow-redirects
    -H HEADERS, --header=HEADERS
                        Headers to add (example: --header "Referer:
                        example.com" --header "User-Agent: IE"
    --random-agents, --random-user-agents

  Connection Settings:
    --timeout=TIMEOUT   Connection timeout
    --ip=IP             Resolve name to IP address
    --proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES
    -b, --request-by-hostname
                        By default dirsearch will request by IP for speed.
                        This forces requests by hostname

  Reports:
    --simple-report=SIMPLEOUTPUTFILE
                        Only found paths
    --plain-text-report=PLAINTEXTOUTPUTFILE
                        Found paths with status codes
    --json-report=JSONOUTPUTFILE

Dictionaries must be text files. Each line is processed as is, except when it contains the special word %EXT%, which generates one entry for each extension (-e | --extensions) passed as an argument.

Example:
  • example/
  • example.%EXT%

Passing the extensions "asp" and "aspx" will generate the following dictionary:
  • example/
  • example.asp
  • example.aspx

You can also use the -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).
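
For defenders, the same expansion rule can be turned around to spot dictionary scanning in web server logs. The following is an added example, not code from DirSearch or from the original post: expand() follows the %EXT% rule described above, and probe_counts() counts per client IP how many distinct generated paths returned 404. The function names, the combined log format, the sample data and the handling of entries ending in "/" under -f are assumptions.

```python
import re
from collections import defaultdict

def expand(lines, extensions, force=False):
    """Expand wordlist lines following the %EXT% rule described above."""
    out = []
    for raw in lines:
        word = raw.strip()
        if not word:
            continue
        if "%EXT%" in word:
            out += [word.replace("%EXT%", ext) for ext in extensions]
        elif force and not word.endswith("/"):
            # Assumption: -f leaves directory entries (trailing "/") unchanged.
            out += [f"{word}.{ext}" for ext in extensions]
        else:
            out.append(word)
    return out

# Combined-log-format prefix: client IP, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def probe_counts(log_lines, candidates):
    """Count, per client IP, distinct dictionary paths that returned 404."""
    wanted = {"/" + c.lstrip("/") for c in candidates}
    hits = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path, status = m.groups()
        path = path.split("?", 1)[0]
        # Key on IP, not User-Agent: the scanner can randomize the latter.
        if status == "404" and path in wanted:
            hits[ip].add(path)
    return {ip: len(paths) for ip, paths in hits.items()}

# Constructed sample data (documentation IP ranges, made-up user agents).
WORDLIST = ["example/", "example.%EXT%", "admin/", "backup.%EXT%"]
EXTS = ["asp", "aspx"]
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example/ HTTP/1.1" 404 153 "-" "UA-one"',
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example.asp HTTP/1.1" 404 153 "-" "UA-two"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /example.aspx HTTP/1.1" 404 153 "-" "UA-three"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /backup.asp HTTP/1.1" 404 153 "-" "UA-one"',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /index.asp HTTP/1.1" 200 5120 "-" "UA-four"',
    '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "UA-four"',
]

if __name__ == "__main__":
    print(probe_counts(SAMPLE_LOG, expand(WORDLIST, EXTS)))
```

A client whose count is far above what ordinary broken links produce is a candidate for rate limiting or blocking; the threshold depends on the site's normal 404 rate.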


Download DirSearch

This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the original post: here