Scroll to navigation

DIRSEARCH(1) User Commands DIRSEARCH(1)

NAME

dirsearch - An advanced command-line tool designed to brute force directories and files in webservers

SYNOPSIS

dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]

OPTIONS

show program's version number and exit
show this help message and exit
Mandatory:
Target URL
Target URL list file
Target URL list from STDIN
Target CIDR
Load raw HTTP request from file (use `--scheme` flag to set the scheme)
Extension list separated by commas (Example: php,asp)
Exclude extension list separated by commas (Example: asp,jsp)
Add extensions to every wordlist entry. By default dirsearch only replaces the %EXT% keyword with extensions
Dictionary Settings:
Customize wordlists (separated by commas)
Add custom prefixes to all wordlist entries (separated by commas)
Add custom suffixes to all wordlist entries, ignore directories (separated by commas)
Remove paths have different extensions from selected ones via `-e` (keep entries don't have extensions)
Remove extensions in all paths (Example: admin.php -> admin)
Uppercase wordlist
Lowercase wordlist
Capital wordlist
General Settings:
Number of threads
Brute-force recursively
Perform recursive scan on every directory depth (Example: api/users -> api/)
Do recursive brute-force for every found path, not only paths end with slash
Maximum recursion depth
Valid status codes to perform recursive scan, support ranges (separated by commas)
Scan sub-directories of the given URL[s] (separated by commas)
Exclude the following subdirectories during recursive scan (separated by commas)
Include status codes, separated by commas, support ranges (Example: 200,300-399)
Exclude status codes, separated by commas, support ranges (Example: 301,500-599)
Exclude responses by sizes, separated by commas (Example: 123B,4KB)
Exclude responses by texts, separated by commas (Example: 'Not found', 'Error')
Exclude responses by regexps, separated by commas (Example: 'Not foun[a-z]{1}', '^Error$')
Exclude responses by redirect regexps or texts, separated by commas (Example: 'https://okta.com/*')
Exclude responses by response of this page (path as input)
Skip target whenever hit one of these status codes, separated by commas, support ranges
Minimal response length
Maximal response length
Maximal runtime for the scan
Quiet mode
Full URLs in the output (enabled automatically in quiet mode)
No colored output
Request Settings:
HTTP method (default: GET)
HTTP request data
HTTP request header, support multiple flags (Example: -H 'Referer: example.com')
File contains HTTP request headers
Follow HTTP redirects
Choose a random User-Agent for each request
Authentication type (basic, digest, bearer, ntlm)
Authentication credential (user:password or bearer token)

--user-agent=USERAGENT

--cookie=COOKIE

Connection Settings:
Connection timeout
Delay between requests
Proxy URL, support HTTP and SOCKS proxies (Example: localhost:8080, socks5://localhost:8088)
File contains proxy servers
Proxy to replay with found paths
Default scheme (for raw request or if there is no scheme in the URL)
Max requests per second
Number of retries for failed requests
By default dirsearch requests by IP for speed. This will force dirsearch to request by hostname
Server IP address
Exit whenever an error occurs
Reports:
Output file
Report format (Available: simple, plain, json, xml, md, csv, html)
You can change the dirsearch default configurations (default extensions,

timeout, wordlist location, ...) by editing the "/etc/dirsearch/default.conf" file. More information at https://github.com/maurosoria/dirsearch.

SEE ALSO

The full documentation for dirsearch is maintained as a Texinfo manual. If the info and dirsearch programs are properly installed at your site, the command

info dirsearch

should give you access to the complete manual.

September 2021 dirsearch v0.4.2