AKUMA
  • README 🥷🏽
  • Red Teaming 👹
    • Loading 50% 😒
  • 👿BLUE TEAM
    • YARA rules
  • 📦Containers
    • DOCKER
      • Docker Security & Pentesting
        • Commond Docker error
      • 8 Best Practices for Docker Host Security
  • Windows Hardening 🛡️
    • Windows Active Directory Pentesting
      • Dll Hijacking
      • MSDT - Microsoft Support Diagnostic Tool Vulnerability
      • AD Enumeration TOOL
      • AD Certificate Templates
      • Kerberos Delegation
    • Windows Security Controls
      • Applocker Basics
    • Powershell Cheat sheet
    • AMSI Bypass
  • Linux Hardening 🛡️
    • Page 1
  • Network Services Pentesting
    • Footprinting Cheat sheet
      • 21-FTP
      • 161-SNMP
      • 445-SMB-139
      • 2049-NFS
      • 53-DNS
      • 587-SMTP
      • 143-IMAP/POP3
    • Juicy Curl
  • Pentesting Web
    • 100 Web Vulnerabilities, categorized into various types
    • Deserialization
      • Node.js Deserialization
    • SHODAN DORK
    • Vulnerabilities PAYLOADS
      • Directory Traversal Payload
      • Html-Injection-Read-FIle
      • Html-Injection
      • OS-Command-Injection
      • SQL-Injection-Auth-Bypass
      • PHP-Code-Injection
      • SQL-Injection
      • SSRF Basic
      • SSRF
      • XML-External-Entity
      • XSLT (eXtensible Stylesheet Language Transformations)
      • XSS Cheat Sheet
        • XSS
        • XSS -
        • XSS-polyglots
        • Cloudflare's XSS protection
    • Base Information
      • File-Extension-Inclusion
        • File-Inclusion-Windows
        • File-Inclusion-Linux
        • File-Extension
      • Media-Type-(MIME)
      • Windows-Sensitive-Files
      • Linux-Sensitive-Files
      • Linux-Log-Files
  • Blogs
    • How I Passed HTB Certified Penetration Testing Specialist
    • A comparative analysis of Open Source Web Application vulnerability scanners (Rana Khalil)
    • Sean Metcalfe Path for AD
    • Secure Docker - HackerSploit
  • Projects
    • HOME LAB
      • HOME LAB Blogs | Active Directory
        • Active Directory Lab Setup - 101
        • Active Directory Lab Setup - 102
        • Active Directory Lab Setup [ AD Enumeration ] - 103
        • Active Directory Lab Setup [AD Attacks ] - 104
      • Home Lab | Splunk Setup & Configuration
    • HOSTING A WEBSITE AND HARDENING ITS SECURITY
  • CTF- Writeups/ Solutions
    • HTB - Advanced Labs
      • Fortress
        • Jet
        • Akerva
        • Context
        • Synacktv
        • Faraday
        • AWS
      • Endgames
        • Ascension
        • RPG
        • Hades
        • Xen
        • P.O.O.
    • idekCTF 2024 🚩
    • TFC CTF 2024 🏳
    • DeadSec CTF 2024 🏴
      • Bing2 (web)
      • Mic_check (misc)
      • Windows Server (OSINT)
    • ImaginaryCTF 2024 🚩
      • cartesian-1 [Forensics]
      • packed [FORENSICS]
      • bom [FORENSICS]
      • BANK [MISC]
    • NahamCon CTF 2024 🏳
      • all WARMUPs
      • Base3200
      • The Hacker Webstore
      • iDoor
      • All About Robots
      • Thomas DEVerson
      • Helpful Desk
      • Curly Fries
    • Cyber Apocalypse 2024: Hacker Royale 🏴
      • Unbreakable [MISC]
      • StopDropAndRoll [MISC]
      • Character [MISC]
      • Delulu [pwn]
      • Tutorial [pwn]
      • Maze [Hardware]
      • TimeKORP [web]
  • Tools
    • Content Discovery & Form Manipulation
      • ffuf
      • RustScan
      • Feroxbuster
      • Dirsearch
      • Gobuster
      • Wfuzz
      • Webshell
      • websocket
Powered by GitBook
On this page
  • How to Find Hidden Web Directories with Dirsearch
  • Installation of Dirsearch Tool in Kali Linux:
  • Working with Dirsearch Tool:
  1. Tools
  2. Content Discovery & Form Manipulation

Dirsearch

/opt/dirsearch/dirsearch.py -u http://10.10.10.10 -e asp,aspx,bat,c,cfm,cgi,com,dll,exe,htm,html,inc,jhtml,jsa,jsp,log,mdb,nsf,php,phtml,pl,reg,sh,shtml,sql,txt,xml,/,js -x 403,400 –json-report=[/path/]dirsearch.json

How to Find Hidden Web Directories with Dirsearch

Features of Dirsearch Tool:

  1. Dirsearch perform Recursive brute forcing

  2. Dirsearch perform Target enumeration from an IP range

  3. Dirsearch perform Sub-directories brute forcing

  4. Dirsearch is Easy and simple to use

  5. Dirsearch is Multithreading

  6. Dirsearch has Support for every HTTP method

  7. Dirsearch has Quiet mode

  8. Dirsearch has Debug mode

Installation of Dirsearch Tool in Kali Linux:

git clone https://github.com/maurosoria/dirsearch.git

pip3 install -r requirements.txt

python3 dirsearch.py --help

Working with Dirsearch Tool:

Example 1: Simple Usage

python3 dirsearch.py -u https://example.com

Extensions (php,html,js):**

python3 dirsearch.py -e php,html,js -u https://example.com

Using Wordlist:

python3 dirsearch.py -e php,html,js -u https://example.com -w /usr/share/wordlists/dirb/common.txt

Example 2: Recursive Scanning

Simple Recursive Scan:**

python3 dirsearch.py -e php,html,js -u https://geeksforgeeks.org -r

Max Recursion Depth:**

python3 dirsearch.py -e php,html,js -u https://geeksforgeeks.org -r -R 3

Threads

Using Threads:

python3 dirsearch.py -e php,htm,js,bak,zip,tgz,txt -u https://geeksforgeeks.org -t 30

Prefixes / Suffixes

Prefixes:

python3 dirsearch.py -e php -u https://geeksforgeeks.org –prefixes .,admin,_,~

Suffixes:

python3 dirsearch.py -e php -u https://geeksforgeeks.org –suffixes ~,/

Exclude extensions

Excluding Extensions:

python3 dirsearch.py -e asp,aspx,htm,js -u https://geeksforgeeks.org -X php,jsp,jspx

Filters

python3 dirsearch.py -e php,html,js -u https://geeksforgeeks.org -i 200,204,400,403 -x 500,502,429

Scan sub-directories

python3 dirsearch.py -e php,html,js -u https://geeksforgeeks.org –subdirs admin/,folder/,/

Using Proxy Server

python3 dirsearch.py -e php,html,js -u https://geeksforgeeks.org –proxy 127.0.0.1:8080

Saving Results

python3 dirsearch.py -e php -u https://geeksforgeeks.org -o report.tx

PreviousFeroxbusterNextGobuster

Last updated 12 months ago

How to Find Hidden Web Directories with Dirsearch - GeeksforGeeksGeeksforGeeks
Hack Like a Pro: How to Find Directories in Websites Using DirBusterWonderHowTo
Logo
Logo