VK9 Security

dirsearch how to

by | Feb 20, 2020 | Tools

dirsearch is a simple command line tool designed to brute force directories and files in websites.

https://github.com/maurosoria/dirsearch

Installation

1. Download the source code

  • git clone https://github.com/maurosoria/dirsearch.git
  • ls
  • cd dirsearch/
  • ls

2. To execute the program

  • ./dirsearch.py
  • python3 dirsearch.py

How to use

1. Display the help menu

  • ./dirsearch.py --help

Search

-w = Customize wordlist (separated by comma)

-e = Extension list separated by comma (Example: php,asp)

-u = URL to scan

  • ./dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e php -u http://bank.htb

2. Using a list of URLs use -L

  • ./dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e php -L url_list.txt

3. Using predefined list of extensions

-E = Use predefined list of common extensions

  • ./dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

4. Enable recursion and for extensions

-f = Force extensions for every wordlist entry

-r = Bruteforce recursively

  • ./dirsearch.py -rf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

Set the level of recursion

-R = Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])

  • ./dirsearch.py -r -R 3 -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

5. Increasing the number of threats (not recommended)

-t = Number of Threads

  • ./dirsearch.py -rf -t 5 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

6. Excluding status code

-x = Exclude status code, separated by comma (example: 301, 500)

  • ./dirsearch.py -rf -x 200 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

7. Set a cookie, and send the requests to BurpSuite

--proxy=127.0.0.1:8080 = Http Proxy (example: localhost:8080)

-c = Set a cookie

  • ./dirsearch.py -rf -c HTBBankAuth=cfj5qnhq8br2si58l7pm9q5j56 --proxy=127.0.0.1:8080 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

8. Spoofing User-Agent

--ua = User agent text

  • ./dirsearch.py -rf --ua="Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1" --proxy=127.0.0.1:8080 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

9. Use a different method for the scan

--http-method = Method to use, default: GET, possible also: HEAD;POST

  • ./dirsearch.py -rf --http-method=POST --proxy=127.0.0.1:8080 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

10. Follow redirects

-F = follow redirects

  • ./dirsearch.py -F -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt

11. Writing results to a file

  • ./dirsearch.py --plain-text-report=result.txt -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -E -L url_list.txt
  • cat results.txt