Introduction
Dirsearch is an open-source, command-line-based web directory scanner designed to discover hidden directories and files on a web server. It is a fast and efficient tool often used in security assessments and penetration testing to identify sensitive files and paths that might not be easily visible. Dirsearch supports brute-forcing of directories and files and can be configured to use custom wordlists for targeted scanning.This guide provides an in-depth overview of Dirsearch's installation, configuration, and usage, including detailed examples, common use cases, and troubleshooting steps.
Table of Contents
- System Requirements
- Installation
- Basic Usage
- Scanning a Single URL
- Scanning with Custom Wordlist
- Limiting Scan Depth
- Advanced Features
- Recursive Scanning
- HTTP Authentication
- File Extensions and Custom Rules
- Configuration and Customization
- Using Custom Wordlists
- Configuring Rate Limits
- Output Options
- Common Use Cases
- Discovery of Hidden Files and Directories
- Subdomain Scanning
- Troubleshooting
- Contributing
- License
1. System Requirements
Dirsearch is a lightweight Python script, making it easy to run on most operating systems. The following system requirements are recommended for optimal performance:- Operating System: Linux, macOS, or Windows (with Python installed)
- Python: Python 3.6+ (including all dependencies)
- Memory: 1 GB RAM (2 GB or more recommended for large scans)
- Disk Space: At least 50 MB free for installation and logs
2. Installation
2.1 Installation via GitHub
- Clone the repository: Dirsearch can be cloned directly from GitHub. Open a terminal and run:
git clone https://github.com/maurosoria/dirsearch.git - Navigate to the Dirsearch directory:
cd dirsearch - Install Python dependencies: Ensure that Python 3 and pip are installed, then install the necessary dependencies:
pip3 install -r requirements.txt - Verify the installation: To verify that Dirsearch is working correctly, run:
python3 dirsearch.py -h
3. Basic Usage
Dirsearch is very straightforward to use for basic directory scanning. Below are some of the most common commands for performing a scan.3.1 Scanning a Single URL
To begin a simple directory scan on a target URL:python3 dirsearch.py -u http://example.com
This command will scan the http://example.com URL using the default wordlist, checking for common directories like /admin, /uploads, /images, etc.
3.2 Scanning with Custom Wordlist
By default, Dirsearch uses a predefined wordlist, but you can use your own custom wordlist by specifying it with the -w option:python3 dirsearch.py -u http://example.com -w /path/to/your/wordlist.txt
3.3 Limiting Scan Depth
You can limit the depth of the scan, which controls how many levels of directories Dirsearch will scan. The -e option lets you set the file extensions to scan for, and -t sets the maximum number of threads.To limit the scan depth to 2 levels and scan for .php, .html, and .txt files:
python3 dirsearch.py -u http://example.com -d 2 -e php,html,txt
- -d: Limits the scan depth.
- -e: Specify file extensions to scan.
4. Advanced Features
Dirsearch comes with a variety of advanced features to help customize and fine-tune your directory scanning process.4.1 Recursive Scanning
By default, Dirsearch performs a one-time scan of the base URL. If you want Dirsearch to follow discovered directories recursively, use the -r option:python3 dirsearch.py -u http://example.com -r
This will cause Dirsearch to scan any directories it discovers, making it more thorough in uncovering hidden paths.
4.2 HTTP Authentication
If the target website is protected by basic HTTP authentication, you can provide the username and password with the -a option:python3 dirsearch.py -u http://example.com -a "username:password"
4.3 File Extensions and Custom Rules
Dirsearch supports scanning for specific file extensions or types by providing a custom list using the -e option. For example:python3 dirsearch.py -u http://example.com -e php,asp,jsp
You can also configure custom rules for the scanner by modifying or creating additional rules files.
4.4 Limiting Request Rate
To avoid overwhelming the target server or getting blocked, you can limit the number of requests per second using the --delay option:python3 dirsearch.py -u http://example.com --delay 1
This will introduce a delay of 1 second between requests, slowing down the scan.
5. Configuration and Customization
Dirsearch provides a variety of configuration options, allowing you to modify its behavior for specific needs.5.1 Using Custom Wordlists
Dirsearch supports custom wordlists that can be specified via the -w flag. Wordlists can be created or downloaded from multiple sources like:- SecLists (https://github.com/danielmiessler/SecLists)
- FuzzDB (https://github.com/fuzzdb-project/fuzzdb)
python3 dirsearch.py -u http://example.com -w /path/to/large_wordlist.txt
5.2 Configuring Rate Limits
You can control the scan's speed with the --rate option, specifying how many requests Dirsearch should make per second:python3 dirsearch.py -u http://example.com --rate 10
This command limits the scan to 10 requests per second.
5.3 Output Options
Dirsearch provides several output formats for reporting results. The following options are available:- Standard output: Displays the results in the terminal window.
- JSON output: Outputs results in JSON format.
python3 dirsearch.py -u http://example.com -o result.json - HTML output: Outputs results in an HTML file.
python3 dirsearch.py -u http://example.com -o result.html
6. Common Use Cases
6.1 Discovery of Hidden Files and Directories
Dirsearch is most commonly used for uncovering hidden directories and files within a web server. For example:python3 dirsearch.py -u http://example.com -w /path/to/wordlist.txt -r
This will recursively scan for any potential hidden paths, useful for identifying configuration files, backup files, or directories like /admin or /config.
6.2 Subdomain Scanning
To combine Dirsearch with other tools, you can first discover subdomains using tools like Sublist3r or Amass, then scan those subdomains for hidden paths:python3 dirsearch.py -u http://subdomain.example.com -w /path/to/wordlist.txt
This allows for targeted directory scanning on multiple subdomains simultaneously.
6.3 Brute-forcing Web Application Paths
When testing web applications for exposed files, Dirsearch can be used to brute-force common file paths like /backup, /admin, /uploads, etc.:python3 dirsearch.py -u http://example.com -w /path/to/wordlist.txt
This will attempt to find paths corresponding to common misconfigurations or sensitive endpoints.
7. Troubleshooting
Common Issues
- Connection Timeout: If Dirsearch is unable to connect to the target, ensure that the target is online and that your firewall allows outbound HTTP/S connections.
- Permission Denied Errors: Ensure that you have permission to scan the target and that you are not violating any terms of service.
- Scan Results Are Empty: If no directories or files are found, you may want to use a larger wordlist or check the target server for aggressive rate-limiting.
Debugging
If you encounter issues with Dirsearch, you can enable debug mode to display additional output:python3 dirsearch.py -u http://example.com --debug