Karl.Fail

Discover Hidden Web Paths with dirsearch: The Ultimate Web Path Brute-Forcer

Written by

Karl

in

on

(Last update:

)

What is dirsearch?

dirsearch is a powerful, open-source web path brute-forcing tool designed to help security professionals uncover hidden directories and files on web servers. Created and actively maintained by @maurosoria and @shelld3v, dirsearch is an essential utility for penetration testers, bug bounty hunters, and cybersecurity enthusiasts.

Whether you’re looking to uncover admin panels, configuration files, or forgotten endpoints, dirsearch empowers you to automate the hunt-fast, reliably, and efficiently.

Why Use dirsearch?

  • Discover unlinked directories or hidden files
  • Enhance reconnaissance in penetration testing
  • Boost bug bounty workflow
  • Bypass misconfigured security through crafted brute-forcing

Installation & Setup

dirsearch requires Python 3.9+ and can be installed in multiple ways:

  • Git (Recommended): git clone https://github.com/maurosoria/dirsearch.git --depth 1
  • PyPi: pip install dirsearch
  • Docker: docker build -t "dirsearch:v0.4.3" .
  • Kali Linux: sudo apt-get install dirsearch (Deprecated)

Core Features & Examples

Basic Usage

Start a scan with:

python3 dirsearch.py -u https://target

Add extensions and wordlists:

python3 dirsearch.py -u https://target -e php,html,js -w /path/to/wordlist.txt

Recursion & Depth Control

Enable recursive scanning with -r and set depth with:

python3 dirsearch.py -u https://target -e php -r --max-recursion-depth 3

Filters

Exclude response sizes or unwanted text:

--exclude-sizes 0B,4KB
--exclude-text "403 Forbidden"

Threads & Performance

Boost speed with threads:

-t 50

Or switch to asynchronous mode:

--async

Prefixes & Suffixes

Add common naming patterns:

--prefixes .,admin
--suffixes ~

Wordlists

Supports multiple and formatted wordlists. For example, generate:

  • adminadmin admin.php admin.html with --force-extensions
  • login.htmllogin.jsp with --overwrite-extensions

Raw Requests

Import HTTP raw requests:

--raw request.txt --scheme https

Reports

Generate results in multiple formats:

  • HTML
  • JSON
  • CSV
  • SQLite
  • PostgreSQL/MySQL
--format html -o results.html

Security Considerations

  • High thread count or aggressive timing may trigger WAFs or rate-limiting.
  • Recursive scans can be heavy-always limit depth and size.
  • Use proxies and randomized User-Agents to reduce detectability.

Advanced Usage Tips

  • Combine --prefixes . and --suffixes ~ to locate backup or config files
  • Use --remove-extensions to focus on directories only
  • Handle 429 rate limits with --skip-on-status 429
  • Speed up large scans using --timeout 3 --retries 1

Docker Integration

Build and run with Docker:

docker build -t "dirsearch:v0.4.3" .
docker run -it --rm "dirsearch:v0.4.3" -u https://target -e php,html,js

Community & Contributions

Join the conversation on the Discord server or contribute via GitHub. dirsearch is licensed under the GNU General Public License v2 and thrives on community feedback and support.

Final Thoughts

dirsearch is a must-have tool for any web application security testing toolkit. It offers an immense set of features, fine-grained control, and performance that rivals commercial tools-all wrapped in a clean, Python-powered package.

If you’re serious about finding hidden web content, don’t miss out on dirsearch!

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


More posts