Tag: directory-bruteforcing

  • Discover Hidden Web Paths with dirsearch: The Ultimate Web Path Brute-Forcer

    What is dirsearch?

    dirsearch is a powerful, open-source web path brute-forcing tool designed to help security professionals uncover hidden directories and files on web servers. Created and actively maintained by @maurosoria and @shelld3v, dirsearch is an essential utility for penetration testers, bug bounty hunters, and cybersecurity enthusiasts.

    Whether you’re looking to uncover admin panels, configuration files, or forgotten endpoints, dirsearch empowers you to automate the hunt quickly, reliably, and efficiently.

    Why Use dirsearch?

    • Discover unlinked directories or hidden files
    • Enhance reconnaissance in penetration testing
    • Boost bug bounty workflow
    • Bypass misconfigured security through crafted brute-forcing

    Installation & Setup

    dirsearch requires Python 3.9+ and can be installed in multiple ways:

    • Git (Recommended): git clone https://github.com/maurosoria/dirsearch.git --depth 1
    • PyPi: pip install dirsearch
    • Docker: docker build -t "dirsearch:v0.4.3" .
    • Kali Linux: sudo apt-get install dirsearch (Deprecated)

    Core Features & Examples

    Basic Usage

    Start a scan with:

    python3 dirsearch.py -u https://target

    Add extensions and wordlists:

    python3 dirsearch.py -u https://target -e php,html,js -w /path/to/wordlist.txt

    Recursion & Depth Control

    Enable recursive scanning with -r and cap the depth with --max-recursion-depth:

    python3 dirsearch.py -u https://target -e php -r --max-recursion-depth 3

    Filters

    Exclude response sizes or unwanted text:

    --exclude-sizes 0B,4KB
    --exclude-text "403 Forbidden"

    Threads & Performance

    Boost speed with threads:

    -t 50

    Or switch to asynchronous mode:

    --async

    Prefixes & Suffixes

    Add common naming patterns:

    --prefixes .,admin
    --suffixes ~

    Wordlists

    Supports multiple and formatted wordlists. For example, generate:

    • admin -> admin, admin.php, admin.html with --force-extensions
    • login.html -> login.jsp with --overwrite-extensions

    Raw Requests

    Import HTTP raw requests:

    --raw request.txt --scheme https

    Reports

    Generate results in multiple formats:

    • HTML
    • JSON
    • CSV
    • SQLite
    • PostgreSQL/MySQL

    --format html -o results.html

    Security Considerations

    • High thread count or aggressive timing may trigger WAFs or rate-limiting.
    • Recursive scans can be heavy; always limit depth and size.
    • Use proxies and randomized User-Agents to reduce detectability.
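
    How this kind of scan appears in server logs, as an added example that is not part of the original post or of dirsearch: it flags clients that request many distinct paths with mostly 403/404 responses inside a sliding window, and counts probes for dot-prefixed or ~-suffixed names. The function names, thresholds, combined log format, and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Parse one combined-log-format line into (ip, time, path, status)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m[1], datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z"), m[3].split("?", 1)[0], int(m[4])

def is_backup_probe(path):
    """True for names ending in ~ or starting with a dot (backup/config file guesses)."""
    name = path.rstrip("/").rsplit("/", 1)[-1]
    return name.endswith("~") or name.startswith(".")

def find_path_bruteforce(lines, window=timedelta(seconds=60), min_paths=20, min_miss=0.8):
    """Flag clients requesting many distinct paths, mostly 403/404, inside one window."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            paths = {p for _, p, _ in win}
            miss = sum(s in (403, 404) for _, _, s in win) / len(win)
            if len(paths) >= min_paths and miss >= min_miss:
                stats = {"distinct_paths": len(paths), "miss_ratio": round(miss, 2),
                         "backup_probes": sum(map(is_backup_probe, paths))}
                flagged[ip] = max(flagged.get(ip, stats), stats, key=lambda s: s["distinct_paths"])
    return flagged

def sample_log():
    """Constructed log lines: one scanner-like client and one ordinary visitor."""
    fmt = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 153 "-" "-"'
    words = ["admin", "login", "backup", "config", "test", "old", "api", "dev"]
    probes = [f"/{w}{e}" for w in words for e in ("", ".php", ".php~")] + ["/.env", "/.git"]
    lines = [fmt.format(ip="203.0.113.7", s=i % 60, p=p, c=200 if p == "/login.php" else 404)
             for i, p in enumerate(probes)]
    lines += [fmt.format(ip="198.51.100.20", s=i * 5, p=p, c=404 if p == "/missing" else 200)
              for i, p in enumerate(["/", "/index.html", "/about", "/contact", "/missing"])]
    return lines
```

    Calling find_path_bruteforce(sample_log()) returns only the scanner-like client; tune window, min_paths and min_miss against real traffic before alerting on them.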

    Advanced Usage Tips

    • Combine --prefixes . and --suffixes ~ to locate backup or config files
    • Use --remove-extensions to focus on directories only
    • Handle 429 rate limits with --skip-on-status 429
    • Speed up large scans using --timeout 3 --retries 1

    Docker Integration

    Build and run with Docker:

    docker build -t "dirsearch:v0.4.3" .
    docker run -it --rm "dirsearch:v0.4.3" -u https://target -e php,html,js

    Community & Contributions

    Join the conversation on the Discord server or contribute via GitHub. dirsearch is licensed under the GNU General Public License v2 and thrives on community feedback and support.

    Final Thoughts

    dirsearch is a must-have tool for any web application security testing toolkit. It offers an immense set of features, fine-grained control, and performance that rivals commercial tools, all wrapped in a clean, Python-powered package.

    If you’re serious about finding hidden web content, don’t miss out on dirsearch!