Dirsearch
Installation
$ git clone https://github.com/maurosoria/dirsearch.git
$ cd dirsearch/
Usage
Syntax
python3 dirsearch.py -u <URL> -e <EXTENSION>
Options
Mandatory
-u URL, --url=URL
URL target
-L URLLIST, --url-list=URLLIST
URL list target
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by comma (Example: php,asp)
-E, --extensions-list
Use predefined list of common extensions
Dictionary Settings
-w WORDLIST, --wordlist=WORDLIST
Customize wordlist (separated by comma)
-l, --lowercase
-f, --force-extensions
Force extensions for every wordlist entry (like in DirBuster)
General Settings
-h, --help
show this help message and exit
-s DELAY, --delay=DELAY
Delay between requests (float number)
-r, --recursive
Bruteforce recursively
-R RECURSIVE_LEVEL_MAX, --recursive-level-max=RECURSIVE_LEVEL_MAX
Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])
--suppress-empty, --suppress-empty
--scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
Scan subdirectories of the given -u|--url (separated by comma)
--exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
Exclude the following subdirectories during recursive scan (separated by comma)
-t THREADSCOUNT, --threads=THREADSCOUNT
Number of Threads
-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
Exclude status codes, separated by comma (example: 301, 500)
--exclude-texts=EXCLUDETEXTS
Exclude responses by texts, separated by comma (example: "Not found", "Error")
--exclude-regexps=EXCLUDEREGEXPS
Exclude responses by regexps, separated by comma (example: "Not foun[a-z]{1}", "^Error$")
-c COOKIE, --cookie=COOKIE
--ua=USERAGENT, --user-agent=USERAGENT
-F, --follow-redirects
-H HEADERS, --header=HEADERS
Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE")
--random-agents, --random-user-agents
Connection Settings
--timeout=TIMEOUT
Connection timeout
--ip=IP
Resolve name to IP address
--proxy=HTTPPROXY, --http-proxy=HTTPPROXY
HTTP proxy (example: localhost:8080)
--http-method=HTTPMETHOD
Method to use, default: GET, possible also: HEAD;POST
--max-retries=MAXRETRIES
-b, --request-by-hostname
By default dirsearch will request by IP for speed.
This forces requests by hostname
Reports
--simple-report=SIMPLEOUTPUTFILE
Only found paths
--plain-text-report=PLAINTEXTOUTPUTFILE
Found paths with status codes
--json-report=JSONOUTPUTFILE
Examples
$ ./dirsearch.py -u http://10.10.248.154:3000 -w /opt/wordlists/directory-list-2.3-medium.txt -e php,html
_|. _ _ _ _ _ _|_ v0.3.9
(_||| _) (/_(_|| (_| )
Extensions: php, html | HTTP method: get | Threads: 10 | Wordlist size: 220521
Error Log: /opt/dirsearch/logs/errors-20-05-01_14-09-43.log
Target: http://10.10.248.154:3000
[14:14:37] Starting:
[14:14:38] 302 - 28B - / -> /login
[14:14:38] 302 - 28B - /home -> /login
[14:14:38] 200 - 2KB - /login
[14:14:41] 302 - 27B - /admin -> /home
[14:14:41] 302 - 28B - /Home -> /login
[14:14:41] 301 - 179B - /assets -> /assets/
[14:14:45] 301 - 173B - /css -> /css/
[14:14:49] 200 - 2KB - /Login
[14:14:50] 301 - 171B - /js -> /js/
[14:14:54] 302 - 28B - /logout -> /login
[14:15:26] 200 - 2KB - /sysadmin
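
When reviewing access control on an application you are responsible for, the result lines above can be triaged by script so that paths answering 200 instead of redirecting to the login page stand out for an authentication check. The following is an added example, not part of dirsearch or the original page; the function names are hypothetical and it assumes the login page is /login, as in the output above.

```python
import re
from collections import defaultdict

# Result lines copied from the example scan output on this page.
SAMPLE = """\
[14:14:38] 302 - 28B - / -> /login
[14:14:38] 302 - 28B - /home -> /login
[14:14:38] 200 - 2KB - /login
[14:14:41] 302 - 27B - /admin -> /home
[14:14:41] 302 - 28B - /Home -> /login
[14:14:41] 301 - 179B - /assets -> /assets/
[14:14:45] 301 - 173B - /css -> /css/
[14:14:49] 200 - 2KB - /Login
[14:14:50] 301 - 171B - /js -> /js/
[14:14:54] 302 - 28B - /logout -> /login
[14:15:26] 200 - 2KB - /sysadmin
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s+(\d{3})\s+-\s+(\S+)\s+-\s+(\S+)(?:\s+->\s+(\S+))?\s*$")

def parse(text):
    """Return (status, path, redirect_target_or_None) for each result line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # banner, "Starting:" and blank lines do not match
            rows.append((int(m.group(2)), m.group(4), m.group(5)))
    return rows

def triage(rows, login_path="/login"):
    """Bucket results for an access-control review (login_path is an assumption)."""
    out = defaultdict(list)
    for status, path, target in rows:
        if status == 200 and path.lower() != login_path:
            out["served_without_login_redirect"].append(path)
        elif status == 200:
            out["login_page"].append(path)
        elif target and target.lower() == login_path:
            out["redirects_to_login"].append(path)
        elif target == path + "/":
            out["directory"].append(path)
        else:
            out["other"].append((status, path, target))
    return dict(out)

if __name__ == "__main__":
    for bucket, items in triage(parse(SAMPLE)).items():
        print(f"{bucket}: {items}")
```

On the sample, /sysadmin is the only path served with 200 that is not the login page, and /admin is the only redirect that goes somewhere other than /login.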