# Dirsearch

Dirsearch is a powerful tool designed to facilitate the discovery of directories and files on web servers. It enables penetration testers to enumerate directories and uncover potential entry points within a web application. This guide provides an overview of how to use Dirsearch effectively for web directory enumeration during penetration testing.

**Prerequisites:**

1. Basic understanding of web technologies and the HTTP protocol.
2. Python installed on your system. You can download it from [Python's official website](https://www.python.org/downloads/).
3. Dirsearch installed on your system (Kali). You can download it from [Dirsearch's GitHub repository](https://github.com/maurosoria/dirsearch).

**How to use:**

1. **Launch Dirsearch:**
   * Open your terminal or command prompt.
2. **Navigate to Dirsearch Directory:**
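   * Change your current directory to the Dirsearch folder where the tool is located, or just run `dirsearch` directly from the terminal to test that it is available.
3. **Perform Basic Scan:**
   * Run Dirsearch with the target URL.
   * Example command:

```
# From the Dirsearch folder ('*' is quoted so the shell does not expand it):
python3 dirsearch.py -u <target_URL> -e '*'

# or, when dirsearch is available as a command:
dirsearch -u <target_URL> -e '*'
```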

* Replace `<target_URL>` with the URL of the target web application.

4. **Customize Scan Options:**
   * Explore Dirsearch's various options to customize the scan according to your requirements.
   * Options include specifying wordlists, adjusting timeout values, and limiting the scan depth.
5. **Output Results to File:**
   * Use the `-o` flag to specify the output file for the scan results.
   * Example command:

```
# From the Dirsearch folder:
python3 dirsearch.py -u <target_URL> -e '*' -o scan_results.txt

# or, when dirsearch is available as a command:
dirsearch -u <target_URL> -e '*' -o scan_results.txt
```

* This command saves the scan results to a file named `scan_results.txt`.

6. **Choose Wordlist:**
   * Select a wordlist to use for directory and file brute-forcing. Dirsearch provides a default wordlist, but you can also specify custom wordlists using the `-w` flag.

```
# From the Dirsearch folder:
python3 dirsearch.py -u <target_URL> -e '*' -w /usr/share/wordlist/dirb/medium.txt

# or, when dirsearch is available as a command:
dirsearch -u <target_URL> -e '*' -w /usr/share/wordlist/dirb/medium.txt
```

7. **Monitor Progress:**
   * Monitor the progress of the scan in real time. Dirsearch will display directories and files discovered during the scan.

<figure><img src="https://2638390860-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZuwDM5RsyqvJI2rweSHO%2Fuploads%2FxGHFxwqBlqgXEXWi6jjz%2Fimage.png?alt=media&#x26;token=67064bde-4e4b-4226-a936-c89ba5a47ed2" alt=""><figcaption></figcaption></figure>
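
From the defender's side, a wordlist scan like the ones above appears in the web server's access log as a burst of 404 responses for many different paths from one client. The following is an added example, not part of the original guide or of Dirsearch itself, that flags that pattern in combined-format log lines. The function names, thresholds, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined access-log line: ip - - [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, window_s=10, min_paths=5):
    """Return {ip: peak count of distinct 404 paths seen inside one window}
    for every client that reaches min_paths. Assumes time-ordered input."""
    recent = defaultdict(deque)  # ip -> (timestamp, path) of recent 404s
    peak = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue  # skip unparsable lines and anything that is not a miss
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore query strings
        q = recent[m["ip"]]
        q.append((ts, path))
        while ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()  # drop misses that fell out of the window
        distinct = len({p for _, p in q})
        if distinct >= min_paths:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), distinct)
    return peak

def make_line(ip, sec, path, status):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "-"')

# Constructed sample: one client missing six paths in six seconds, one normal visitor.
SAMPLE_LOG = (
    [make_line("203.0.113.7", i, p, 404) for i, p in enumerate(
        ["/admin", "/backup", "/.git", "/config.php", "/test", "/old"])]
    + [make_line("203.0.113.7", 6, "/login", 200),
       make_line("198.51.100.20", 3, "/", 200),
       make_line("198.51.100.20", 40, "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, n in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct not-found paths within the window")
```

Tune `window_s` and `min_paths` against your own traffic, since crawlers and broken links also produce 404 bursts.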
