• CHS
  • 29th Jul 2018
  • dirsearch

    dirsearch is a simple command line tool designed to brute force directories and files in websites.

    Features

    • Multithreaded

    • Keep alive connections
    • Support for multiple extensions (-e|--extensions asp,php)
    • Reporting (plain text, JSON)
    • Heuristically detects invalid web pages
    • Recursive brute forcing
    • HTTP proxy support
    • User agent randomization
    • Batch processing
    • Request delaying

    About wordlists

    Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | --extension) passed as an argument.

    Example:

    • example/
    • example.%EXT%

    Passing the extensions "asp" and "aspx" will generate the following dictionary:

    • example/
    • example.asp
    • example.aspx

    You can also use -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).

    Commands

    ./dirsearch.py -u hostname.com -e aspx,php
    ./dirsearch.py -u hostname.com -e * //all extensions
    ./dirsearch.py -u hostname.com -e * -t 10 //you can change the no.of threads.

    Here is an example search

    dirsearch

    CHS

    I Find this tool very useful while gathering information :P