目录扫描工具dirsearch

<img src="static/logo.png" alt="dirsearch" width="675px"> dirsearch - Web path discovery =========     <a href="https://twitter.com/intent/tweet?text=dirsearch%20-%20Web%20path%20scanner%20by%20@_maurosoria%0A%0Ahttps://github.com/maurosoria/dirsearch">  </a> **Current Release: v0.4.2 (2021.9.12)** An advanced command-line tool designed to brute force directories and files in webservers, AKA web path scanner **dirsearch** is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://twitter.com/shells3c_) Table of Contents ------------ * [Installation](#installation--usage) * [Wordlists](#wordlists-important) * [Options](#options) * [Configuration](#configuration) * [How to use](#how-to-use) * [Simple usage](#simple-usage) * [Pausing progress](#pausing-progress) * [Recursive scan](#recursive-scan) * [Threads](#threads) * [Prefixes / Suffixes](#prefixes--suffixes) * [Blacklist](#blacklist) * [Filters](#filters) * [Raw request](#raw-request) * [Wordlist formats](#wordlist-formats) * [Exclude extensions](#exclude-extensions) * [Scan sub-directories](#scan-sub-directories) * [Proxies](#proxies) * [Reports](#reports) * [More example commands](#more-example-commands) * [Support Docker](#support-docker) * [Install Docker Linux](#install-docker-linux) * [Build Image dirsearch](#build-image-dirsearch) * [Using dirsearch](#using-dirsearch) * [References](#references) * [Tips](#tips) * [Contribution](#contribution) * [License](#license) Installation & Usage ------------ **Requirement: python 3.7 or higher** Choose one of these installation options: - Install with git: `git clone https://github.com/maurosoria/dirsearch.git` - Install with ZIP file: [Download here](https://github.com/maurosoria/dirsearch/archive/master.zip) - Install with Docker: `docker build -t "dirsearch:v0.4.1"` ([more information](https://github.com/maurosoria/dirsearch#support-docker)) - Install with Kali Linux: `sudo apt-get install dirsearch` - Install with PyPi: `pip3 install dirsearch` **All in one:** ``` git clone https://github.com/maurosoria/dirsearch.git cd dirsearch pip3 install -r requirements.txt python3 dirsearch.py -u <URL> -e <EXTENSIONS> ``` Wordlists (IMPORTANT) --------------- **Summary:** - Wordlist is a text file, each line is a path. - About extensions, unlike other tools, dirsearch only replaces the `%EXT%` keyword with extensions from **-e** flag. - For wordlists without `%EXT%` (like [SecLists](https://github.com/danielmiessler/SecLists)), **-f | --force-extensions** switch is required to append extensions to every word in wordlist, as well as the `/`. - To use multiple wordlists, you can separate your wordlists with commas. Example: `wordlist1.txt,wordlist2.txt`. **Examples:** - Normal extensions ``` index.%EXT% ``` Passing **asp** and **aspx** extensions will generate the following dictionary: ``` index index.asp index.aspx ``` - Force extensions ``` admin ``` Passing "php" and "html" extensions with **-f**/**--force-extensions** flag will generate the following dictionary: ``` admin admin.php admin.html admin/ ``` Options ------- ``` Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options] Options: --version show program's version number and exit -h, --help show this help message and exit Mandatory: -u URL, --url=URL Target URL -l FILE, --url-list=FILE Target URL list file --stdin Target URL list from STDIN --cidr=CIDR Target CIDR --raw=FILE Load raw HTTP request from file (use `--scheme` flag to set the scheme) -e EXTENSIONS, --extensions=EXTENSIONS Extension list separated by commas (Example: php,asp) -X EXTENSIONS, --exclude-extensions=EXTENSIONS Exclude extension list separated by commas (Example: asp,jsp) -f, --force-extensions Add extensions to every wordlist entry. By default dirsearch only replaces the %EXT% keyword with extensions Dictionary Settings: -w WORDLIST, --wordlists=WORDLIST Customize wordlists (separated by commas) --prefixes=PREFIXES Add custom prefixes to all wordlist entries (separated by commas) --suffixes=SUFFIXES Add custom suffixes to all wordlist entries, ignore directories (separated by commas) --only-selected Remove paths have different extensions from selected ones via `-e` (keep entries don't have extensions) --remove-extensions Remove extensions in all paths (Example: admin.php -> admin) -U, --uppercase Uppercase wordlist -L, --lowercase Lowercase wordlist -C, --capital Capital wordlist General Settings: -t THREADS, --threads=THREADS Number of threads -r, --recursive Brute-force recursively --deep-recursive Perform recursive scan on every directory depth (Example: api/users -> api/) --force-recursive Do recursive brute-force for every found path, not only paths end with slash --recursion-depth=DEPTH Maximum recursion depth --recursion-status=CODES Valid status codes to perform recursive scan, support ranges (separated by commas) --subdirs=SUBDIRS Scan sub-directories of the given URL[s] (separated by commas) --exclude-subdirs=SUBDIRS Exclude the following subdirectories during recursive scan (separated by commas) -i CODES, --include-status=CODES Include status codes, separated by commas, support ranges (Example: 200,300-399) -x CODES, --exclude-status=CODES Exclude status codes, separated by commas, support ranges (Example: 301,500-599) --exclude-sizes=SIZES Exclude responses by sizes, separated by commas (Example: 123B,4KB) --exclude-texts=TEXTS Exclude responses by texts, separated by commas (Example: 'Not found', 'Error') --exclude-regexps=REGEXPS Exclude responses by regexps, separated by commas (Example: 'Not foun[a-z]{1}', '^Error$') --exclude-redirects=REGEXPS Exclude responses by redirect regexps or texts, separated by commas (Example: 'https://okta.com/*') --exclude-content=PATH Exclude responses by response content of this path --skip-on-status=CODES Skip target whenever hit one of these status codes, separated by commas, support ranges --minimal=LENGTH Minimal response length --maximal=LENGTH Maximal response length --max-time=SECONDS Maximal runtime for the scan -q, --quiet-mode Quiet mode --full-url Full URLs i