Dirsearch

From aldeid

Description

dirsearch is a command line tool, written in Python, for brute-forcing directories and files on web servers.

Installation

$ git clone https://github.com/maurosoria/dirsearch.git
$ cd dirsearch/

Usage

Syntax

python3 dirsearch.py -u <URL> -e <EXTENSION>

Options

Mandatory

-u URL, --url=URL
URL target
-L URLLIST, --url-list=URLLIST
URL list target
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by comma (Example: php,asp)
-E, --extensions-list
Use predefined list of common extensions

Dictionary Settings

-w WORDLIST, --wordlist=WORDLIST
Customize wordlist (separated by comma)
-l, --lowercase
-f, --force-extensions
Force extensions for every wordlist entry (like in DirBuster)

General Settings

-h, --help
show this help message and exit
-s DELAY, --delay=DELAY
Delay between requests (float number)
-r, --recursive
Bruteforce recursively
-R RECURSIVE_LEVEL_MAX, --recursive-level-max=RECURSIVE_LEVEL_MAX
Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])
--suppress-empty
Suppress empty responses
--scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
Scan subdirectories of the given -u|--url (separated by comma)
--exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
Exclude the following subdirectories during recursive scan (separated by comma)
-t THREADSCOUNT, --threads=THREADSCOUNT
Number of Threads
-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
Exclude status code, separated by comma (example: 301, 500)
--exclude-texts=EXCLUDETEXTS
Exclude responses by texts, separated by comma (example: "Not found", "Error")
--exclude-regexps=EXCLUDEREGEXPS
Exclude responses by regexps, separated by comma (example: "Not foun[a-z]{1}", "^Error$")
-c COOKIE, --cookie=COOKIE
--ua=USERAGENT, --user-agent=USERAGENT
-F, --follow-redirects
-H HEADERS, --header=HEADERS
Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE")
--random-agents, --random-user-agents

Connection Settings

--timeout=TIMEOUT
Connection timeout
--ip=IP
Resolve name to IP address
--proxy=HTTPPROXY, --http-proxy=HTTPPROXY
HTTP proxy (example: localhost:8080)
--http-method=HTTPMETHOD
HTTP method to use (default: GET; HEAD and POST are also possible)
--max-retries=MAXRETRIES
-b, --request-by-hostname
By default dirsearch will request by IP for speed.
This forces requests by hostname

Reports

--simple-report=SIMPLEOUTPUTFILE
Only found paths
--plain-text-report=PLAINTEXTOUTPUTFILE
Found paths with status codes
--json-report=JSONOUTPUTFILE
Report in JSON format

Example

$ ./dirsearch.py -u http://10.10.248.154:3000 -w /opt/wordlists/directory-list-2.3-medium.txt -e php,html

 _|. _ _  _  _  _ _|_    v0.3.9
(_||| _) (/_(_|| (_| )

Extensions: php, html | HTTP method: get | Threads: 10 | Wordlist size: 220521

Error Log: /opt/dirsearch/logs/errors-20-05-01_14-09-43.log

Target: http://10.10.248.154:3000

[14:14:37] Starting: 
[14:14:38] 302 -   28B  - /  ->  /login
[14:14:38] 302 -   28B  - /home  ->  /login
[14:14:38] 200 -    2KB - /login
[14:14:41] 302 -   27B  - /admin  ->  /home
[14:14:41] 302 -   28B  - /Home  ->  /login
[14:14:41] 301 -  179B  - /assets  ->  /assets/
[14:14:45] 301 -  173B  - /css  ->  /css/
[14:14:49] 200 -    2KB - /Login
[14:14:50] 301 -  171B  - /js  ->  /js/
[14:14:54] 302 -   28B  - /logout  ->  /login
[14:15:26] 200 -    2KB - /sysadmin
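Reading a scan like the one above by eye works for a dozen lines, not for a long recursive run. The following is an added example, not part of dirsearch: it parses the result lines dirsearch prints ("[time] status - size - path [-> location]") and sorts them into buckets, following redirect chains within the scan so that /admin, which bounces to /home and from there to /login, is recognised as login-gated rather than discarded. The sample input is the scan output shown above; the bucket names and the LOGIN_PATH assumption are my own.

```python
"""Triage of dirsearch console output.

Added example (not dirsearch's own code): parse the result lines and
classify them. Assumptions: LOGIN_PATH is the application's login route
(taken from the scan above) and the bucket names are arbitrary.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^\[(?P<time>\d\d:\d\d:\d\d)\]\s+(?P<status>\d{3})\s+-\s+(?P<size>\S+)"
    r"\s+-\s+(?P<path>\S+)(?:\s+->\s+(?P<location>\S+))?\s*$"
)
LOGIN_PATH = "/login"  # assumption: the route unauthenticated requests are sent to

# Sample input: the dirsearch output shown on this page.
SAMPLE_OUTPUT = """\
[14:14:37] Starting:
[14:14:38] 302 -   28B  - /  ->  /login
[14:14:38] 302 -   28B  - /home  ->  /login
[14:14:38] 200 -    2KB - /login
[14:14:41] 302 -   27B  - /admin  ->  /home
[14:14:41] 302 -   28B  - /Home  ->  /login
[14:14:41] 301 -  179B  - /assets  ->  /assets/
[14:14:45] 301 -  173B  - /css  ->  /css/
[14:14:49] 200 -    2KB - /Login
[14:14:50] 301 -  171B  - /js  ->  /js/
[14:14:54] 302 -   28B  - /logout  ->  /login
[14:15:26] 200 -    2KB - /sysadmin
"""


def parse_output(text):
    """Return one dict per result line; banner and progress lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        f["status"] = int(f["status"])
        findings.append(f)
    return findings


def redirect_chain(findings, path, limit=5):
    """Follow Location hops that were themselves scanned, stopping on a
    non-3xx response, an unscanned target, a loop, or the hop limit."""
    by_path = {f["path"]: f for f in findings}
    chain = [path]
    cur = by_path.get(path)
    while cur and cur["location"] and 300 <= cur["status"] < 400 and len(chain) <= limit:
        nxt = cur["location"]
        if nxt in chain:  # redirect loop
            break
        chain.append(nxt)
        cur = by_path.get(nxt)
    return chain


def triage(findings):
    """Bucket paths: reachable (2xx), directory (301 to path + '/'),
    auth-gated (redirect chain ends at LOGIN_PATH), redirect (other 3xx), other."""
    buckets = defaultdict(list)
    for f in findings:
        status, path, loc = f["status"], f["path"], f["location"]
        if 200 <= status < 300:
            buckets["reachable"].append(path)
        elif 300 <= status < 400:
            if loc == path + "/":
                buckets["directory"].append(path)
            elif redirect_chain(findings, path)[-1] == LOGIN_PATH:
                buckets["auth-gated"].append(path)
            else:
                buckets["redirect"].append(path)
        else:
            buckets["other"].append(path)
    return dict(buckets)


def case_variants(findings):
    """Paths that differ only by case, a sign the router is case-insensitive
    and that -l would have halved the requests."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["path"].lower()].append(f["path"])
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    results = parse_output(SAMPLE_OUTPUT)
    for bucket, paths in triage(results).items():
        print(f"{bucket}: {', '.join(paths)}")
    print("chain for /admin:", " -> ".join(redirect_chain(results, "/admin")))
    print("case variants:", case_variants(results))
```

On this scan the reachable bucket is /login, /Login and /sysadmin: /sysadmin answers 200 without bouncing to the login page, which is the one path here worth opening first. /admin is still recorded as auth-gated through /home, something a plain -x 302 would have hidden, and the /Home and /Login duplicates show the target treats paths case-insensitively.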