Dirsearch
Dirsearch is a powerful tool designed to facilitate the discovery of directories and files on web servers. It enables penetration testers to enumerate directories and uncover potential entry points within a web application. This guide provides an overview of how to use Dirsearch effectively for web directory enumeration during penetration testing.
Prerequisites:
Basic understanding of web technologies and HTTP protocol.
Python installed on your system. You can download it from .
Dirsearch installed on your system (Kali). You can download it from
How to use:
Launch Dirsearch:
Open your terminal or command prompt.
Navigate to Dirsearch Directory:
Change your current directory to the folder where Dirsearch is located, or, if it is installed system-wide, run dirsearch directly from the terminal to confirm that it works.
Perform Basic Scan:
Run Dirsearch with the target URL.
Example command:
Replace <target_URL> with the URL of the target web application.
Customize Scan Options:
Explore Dirsearch's various options to customize the scan according to your requirements.
Options include specifying wordlists, adjusting timeout values, and limiting the scan depth.
Output Results to File:
Use the -o flag to specify the output file for the scan results.
Example command:
This command saves the scan results to a file named scan_results.txt.
Choose Wordlist:
Select a wordlist to use for directory and file brute-forcing. Dirsearch provides a default wordlist, but you can also specify custom wordlists using the -w flag.
Monitor Progress:
Monitor the progress of the scan in real-time. Dirsearch will display directories and files discovered during the scan.
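What a wordlist-driven scan like the one described above looks like from the server side, as an added example that is not part of the original guide or of Dirsearch itself. It flags clients that request many distinct paths with a high share of 404 responses and lists the paths that did answer, which are the ones worth reviewing. The log format (Apache/nginx combined), the thresholds, the function name find_enumeration and all log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: client, ident, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def make_line(ip, path, status):
    """Build one constructed access-log line (sample data, not from a real server)."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "-"')

# Constructed sample: one client walking a wordlist, one ordinary visitor.
SAMPLE_LINES = (
    [make_line("203.0.113.7", f"/dir{i}/", 404) for i in range(27)]
    + [make_line("203.0.113.7", "/admin/", 403),
       make_line("203.0.113.7", "/backup.zip", 200),
       make_line("203.0.113.7", "/robots.txt", 200)]
    + [make_line("198.51.100.20", p, s) for p, s in
       [("/", 200), ("/about", 200), ("/contact", 200),
        ("/favicon.ico", 404), ("/products", 200)]]
)

def find_enumeration(lines, min_paths=20, min_miss_ratio=0.8):
    """Return clients whose request pattern matches directory brute-forcing.

    A client is flagged when it requested at least min_paths distinct paths
    and at least min_miss_ratio of them returned 404 (assumed thresholds).
    """
    paths = defaultdict(set)   # client -> distinct paths requested
    misses = defaultdict(set)  # client -> distinct paths answered with 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore query strings
        paths[ip].add(path)
        if status == "404":
            misses[ip].add(path)
    report = {}
    for ip, seen in paths.items():
        ratio = len(misses[ip]) / len(seen)
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            report[ip] = {"paths": len(seen), "miss_ratio": round(ratio, 2),
                          # paths that did not 404: what the scan discovered
                          "found": sorted(seen - misses[ip])}
    return report
```

The "found" list is the server-side counterpart of the results Dirsearch writes to its output file, so each entry is a candidate for access control or removal.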