Dirsearch

Installation

$ git clone https://github.com/maurosoria/dirsearch.git
$ cd dirsearch/

Usage

Syntax

python3 dirsearch.py -u <URL> -e <EXTENSION>

Options

Mandatory
-u URL, --url=URL
    URL target
-L URLLIST, --url-list=URLLIST
    URL list target
-e EXTENSIONS, --extensions=EXTENSIONS
    Extension list separated by comma (Example: php,asp)
-E, --extensions-list
    Use predefined list of common extensions

Dictionary Settings
-w WORDLIST, --wordlist=WORDLIST
    Customize wordlist (separated by comma)
-l, --lowercase
-f, --force-extensions
    Force extensions for every wordlist entry (like in DirBuster)

General Settings
-h, --help
    show this help message and exit
-s DELAY, --delay=DELAY
    Delay between requests (float number)
-r, --recursive
    Bruteforce recursively
-R RECURSIVE_LEVEL_MAX, --recursive-level-max=RECURSIVE_LEVEL_MAX
    Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])
--suppress-empty, --suppress-empty
--scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
    Scan subdirectories of the given -u|--url (separated by comma)
--exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
    Exclude the following subdirectories during recursive scan (separated by comma)
-t THREADSCOUNT, --threads=THREADSCOUNT
    Number of Threads
-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
    Exclude status code, separated by comma (example: 301, 500)
--exclude-texts=EXCLUDETEXTS
    Exclude responses by texts, separated by comma (example: "Not found", "Error")
--exclude-regexps=EXCLUDEREGEXPS
    Exclude responses by regexps, separated by comma (example: "Not foun[a-z]{1}", "^Error$")
-c COOKIE, --cookie=COOKIE
--ua=USERAGENT, --user-agent=USERAGENT
-F, --follow-redirects
-H HEADERS, --header=HEADERS
    Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE")
--random-agents, --random-user-agents

Connection Settings
--timeout=TIMEOUT
    Connection timeout
--ip=IP
    Resolve name to IP address
--proxy=HTTPPROXY, --http-proxy=HTTPPROXY
    HTTP proxy (example: localhost:8080)
--http-method=HTTPMETHOD
    Method to use, default: GET, possible also: HEAD;POST
--max-retries=MAXRETRIES
-b, --request-by-hostname
    By default dirsearch will request by IP for speed.
    This forces requests by hostname

Reports
--simple-report=SIMPLEOUTPUTFILE
    Only found paths
--plain-text-report=PLAINTEXTOUTPUTFILE
    Found paths with status codes
--json-report=JSONOUTPUTFILE

Examples

$ ./dirsearch.py -u http://10.10.248.154:3000 -w /opt/wordlists/directory-list-2.3-medium.txt -e php,html

 _|. _ _  _  _  _ _|_    v0.3.9
(_||| _) (/_(_|| (_| )

Extensions: php, html | HTTP method: get | Threads: 10 | Wordlist size: 220521

Error Log: /opt/dirsearch/logs/errors-20-05-01_14-09-43.log

Target: http://10.10.248.154:3000

[14:14:37] Starting: 
[14:14:38] 302 -   28B  - /  ->  /login
[14:14:38] 302 -   28B  - /home  ->  /login
[14:14:38] 200 -    2KB - /login
[14:14:41] 302 -   27B  - /admin  ->  /home
[14:14:41] 302 -   28B  - /Home  ->  /login
[14:14:41] 301 -  179B  - /assets  ->  /assets/
[14:14:45] 301 -  173B  - /css  ->  /css/
[14:14:49] 200 -    2KB - /Login
[14:14:50] 301 -  171B  - /js  ->  /js/
[14:14:54] 302 -   28B  - /logout  ->  /login
[14:15:26] 200 -    2KB - /sysadmin