Dirsearch
Dirsearch is a powerful tool designed to facilitate the discovery of directories and files on web servers. It enables penetration testers to enumerate directories and uncover potential entry points within a web application. This guide provides an overview of how to use Dirsearch effectively for web directory enumeration during penetration testing.
Prerequisites:
Basic understanding of web technologies and HTTP protocol.
Python installed on your system. You can download it from Python's official website.
Dirsearch installed on your system (Kali). You can download it from Dirsearch's GitHub repository
How to use:
Launch Dirsearch:
Open your terminal or command prompt.
Navigate to Dirsearch Directory:
Change your current directory to the Dirsearch folder where the tool is located. or just run dirsearch from terminal to test
Perform Basic Scan:
Run Dirsearch with the target URL.
Example command:
python3 dirsearch.py -u <target_URL> -e *
or
dirsearch -u <target_URL> -e *Replace
<target_URL>with the URL of the target web application.
Customize Scan Options:
Explore Dirsearch's various options to customize the scan according to your requirements.
Options include specifying wordlists, adjusting timeout values, and limiting the scan depth.
Output Results to File:
Use the
-oflag to specify the output file for the scan results.Example command:
python3 dirsearch.py -u <target_URL> -e * -o scan_results.txt
or
dirsearch -u <target_URL> -e * -o scan_results.txtThis command saves the scan results to a file named
scan_results.txt.
Choose Wordlist:
Select a wordlist to use for directory and file brute-forcing. Dirsearch provides a default wordlist, but you can also specify custom wordlists using the
-wflag.
python3 dirsearch.py -u <target_URL> -e * -w /usr/share/wordlist/dirb/medium.txt
or
dirsearch -u <target_URL> -e * -w /usr/share/wordlist/dirb/medium.txtMonitor Progress:
Monitor the progress of the scan in real-time. Dirsearch will display directories and files discovered during the scan.
Last updated