.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.48.5.
.TH DIRSEARCH "1" "September 2021" "dirsearch v0.4.2" "User Commands"
.SH NAME
dirsearch \- An advanced command-line tool designed to brute force directories and files in webservers
.SH SYNOPSIS
.B dirsearch.py
[\fI\,-u|--url\/\fR] \fI\,target \/\fR[\fI\,-e|--extensions\/\fR] \fI\,extensions \/\fR[\fI\,options\/\fR]
.SH OPTIONS
.TP
\fB\-\-version\fR
show program's version number and exit
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.IP
Mandatory:
.TP
\fB\-u\fR URL, \fB\-\-url\fR=\fI\,URL\/\fR
Target URL
.TP
\fB\-l\fR FILE, \fB\-\-url\-list\fR=\fI\,FILE\/\fR
Target URL list file
.TP
\fB\-\-stdin\fR
Target URL list from STDIN
.TP
\fB\-\-cidr\fR=\fI\,CIDR\/\fR
Target CIDR
.TP
\fB\-\-raw\fR=\fI\,FILE\/\fR
Load raw HTTP request from file (use `\-\-scheme` flag
to set the scheme)
.TP
\fB\-e\fR EXTENSIONS, \fB\-\-extensions\fR=\fI\,EXTENSIONS\/\fR
Extension list separated by commas (Example: php,asp)
.TP
\fB\-X\fR EXTENSIONS, \fB\-\-exclude\-extensions\fR=\fI\,EXTENSIONS\/\fR
Exclude extension list separated by commas (Example:
asp,jsp)
.TP
\fB\-f\fR, \fB\-\-force\-extensions\fR
Add extensions to every wordlist entry. By default
dirsearch only replaces the %EXT% keyword with
extensions
.IP
Dictionary Settings:
.TP
\fB\-w\fR WORDLIST, \fB\-\-wordlists\fR=\fI\,WORDLIST\/\fR
Customize wordlists (separated by commas)
.TP
\fB\-\-prefixes\fR=\fI\,PREFIXES\/\fR
Add custom prefixes to all wordlist entries (separated
by commas)
.TP
\fB\-\-suffixes\fR=\fI\,SUFFIXES\/\fR
Add custom suffixes to all wordlist entries, ignore
directories (separated by commas)
.TP
\fB\-\-only\-selected\fR
Remove paths have different extensions from selected
ones via `\-e` (keep entries don't have extensions)
.TP
\fB\-\-remove\-extensions\fR
Remove extensions in all paths (Example: admin.php \->
admin)
.TP
\fB\-U\fR, \fB\-\-uppercase\fR
Uppercase wordlist
.TP
\fB\-L\fR, \fB\-\-lowercase\fR
Lowercase wordlist
.TP
\fB\-C\fR, \fB\-\-capital\fR
Capital wordlist
.IP
General Settings:
.TP
\fB\-t\fR THREADS, \fB\-\-threads\fR=\fI\,THREADS\/\fR
Number of threads
.TP
\fB\-r\fR, \fB\-\-recursive\fR
Brute\-force recursively
.TP
\fB\-\-deep\-recursive\fR
Perform recursive scan on every directory depth
(Example: api/users \-> api/)
.TP
\fB\-\-force\-recursive\fR
Do recursive brute\-force for every found path, not
only paths end with slash
.TP
\fB\-R\fR DEPTH, \fB\-\-recursion\-depth\fR=\fI\,DEPTH\/\fR
Maximum recursion depth
.TP
\fB\-\-recursion\-status\fR=\fI\,CODES\/\fR
Valid status codes to perform recursive scan, support
ranges (separated by commas)
.TP
\fB\-\-subdirs\fR=\fI\,SUBDIRS\/\fR
Scan sub\-directories of the given URL[s] (separated by
commas)
.TP
\fB\-\-exclude\-subdirs\fR=\fI\,SUBDIRS\/\fR
Exclude the following subdirectories during recursive
scan (separated by commas)
.TP
\fB\-i\fR CODES, \fB\-\-include\-status\fR=\fI\,CODES\/\fR
Include status codes, separated by commas, support
ranges (Example: 200,300\-399)
.TP
\fB\-x\fR CODES, \fB\-\-exclude\-status\fR=\fI\,CODES\/\fR
Exclude status codes, separated by commas, support
ranges (Example: 301,500\-599)
.TP
\fB\-\-exclude\-sizes\fR=\fI\,SIZES\/\fR
Exclude responses by sizes, separated by commas
(Example: 123B,4KB)
.TP
\fB\-\-exclude\-texts\fR=\fI\,TEXTS\/\fR
Exclude responses by texts, separated by commas
(Example: 'Not found', 'Error')
.TP
\fB\-\-exclude\-regexps\fR=\fI\,REGEXPS\/\fR
Exclude responses by regexps, separated by commas
(Example: 'Not foun[a\-z]{1}', '^Error$')
.TP
\fB\-\-exclude\-redirects\fR=\fI\,REGEXPS\/\fR
Exclude responses by redirect regexps or texts,
separated by commas (Example: 'https://okta.com/*')
.TP
\fB\-\-exclude\-response\fR=\fI\,PATH\/\fR
Exclude responses by response of this page (path as
input)
.TP
\fB\-\-skip\-on\-status\fR=\fI\,CODES\/\fR
Skip target whenever hit one of these status codes,
separated by commas, support ranges
.TP
\fB\-\-minimal\fR=\fI\,LENGTH\/\fR
Minimal response length
.TP
\fB\-\-maximal\fR=\fI\,LENGTH\/\fR
Maximal response length
.TP
\fB\-\-max\-time\fR=\fI\,SECONDS\/\fR
Maximal runtime for the scan
.TP
\fB\-q\fR, \fB\-\-quiet\-mode\fR
Quiet mode
.TP
\fB\-\-full\-url\fR
Full URLs in the output (enabled automatically in
quiet mode)
.TP
\fB\-\-no\-color\fR
No colored output
.IP
Request Settings:
.TP
\fB\-m\fR METHOD, \fB\-\-http\-method\fR=\fI\,METHOD\/\fR
HTTP method (default: GET)
.TP
\fB\-d\fR DATA, \fB\-\-data\fR=\fI\,DATA\/\fR
HTTP request data
.TP
\fB\-H\fR HEADERS, \fB\-\-header\fR=\fI\,HEADERS\/\fR
HTTP request header, support multiple flags (Example:
\fB\-H\fR 'Referer: example.com')
.TP
\fB\-\-header\-list\fR=\fI\,FILE\/\fR
File contains HTTP request headers
.TP
\fB\-F\fR, \fB\-\-follow\-redirects\fR
Follow HTTP redirects
.TP
\fB\-\-random\-agent\fR
Choose a random User\-Agent for each request
.TP
\fB\-\-auth\-type\fR=\fI\,TYPE\/\fR
Authentication type (basic, digest, bearer, ntlm)
.TP
\fB\-\-auth\fR=\fI\,CREDENTIAL\/\fR
Authentication credential (user:password or bearer
token)
.HP
\fB\-\-user\-agent\fR=\fI\,USERAGENT\/\fR
.HP
\fB\-\-cookie\fR=\fI\,COOKIE\/\fR
.IP
Connection Settings:
.TP
\fB\-\-timeout\fR=\fI\,TIMEOUT\/\fR
Connection timeout
.TP
\fB\-s\fR DELAY, \fB\-\-delay\fR=\fI\,DELAY\/\fR
Delay between requests
.TP
\fB\-\-proxy\fR=\fI\,PROXY\/\fR
Proxy URL, support HTTP and SOCKS proxies (Example:
localhost:8080, socks5://localhost:8088)
.TP
\fB\-\-proxy\-list\fR=\fI\,FILE\/\fR
File contains proxy servers
.TP
\fB\-\-replay\-proxy\fR=\fI\,PROXY\/\fR
Proxy to replay with found paths
.TP
\fB\-\-scheme\fR=\fI\,SCHEME\/\fR
Default scheme (for raw request or if there is no
scheme in the URL)
.TP
\fB\-\-max\-rate\fR=\fI\,RATE\/\fR
Max requests per second
.TP
\fB\-\-retries\fR=\fI\,RETRIES\/\fR
Number of retries for failed requests
.TP
\fB\-b\fR, \fB\-\-request\-by\-hostname\fR
By default dirsearch requests by IP for speed. This
will force dirsearch to request by hostname
.TP
\fB\-\-ip\fR=\fI\,IP\/\fR
Server IP address
.TP
\fB\-\-exit\-on\-error\fR
Exit whenever an error occurs
.IP
Reports:
.TP
\fB\-o\fR FILE, \fB\-\-output\fR=\fI\,FILE\/\fR
Output file
.TP
\fB\-\-format\fR=\fI\,FORMAT\/\fR
Report format (Available: simple, plain, json, xml,
md, csv, html)
.IP
You can change the dirsearch default configurations (default extensions,
.PP
timeout, wordlist location, ...) by editing the "/etc/dirsearch/default.conf"
file. More information at https://github.com/maurosoria/dirsearch.
.SH "SEE ALSO"
The full documentation for
.B dirsearch
is maintained as a Texinfo manual.  If the
.B info
and
.B dirsearch
programs are properly installed at your site, the command
.IP
.B info dirsearch
.PP
should give you access to the complete manual.