<img src="static/logo.png" alt="dirsearch" width="675px">
dirsearch - Web path discovery
=========
![Build](https://img.shields.io/badge/Built%20with-Python-Blue)
![License](https://img.shields.io/badge/license-GNU_General_Public_License-_red.svg)
![Release](https://img.shields.io/github/release/maurosoria/dirsearch.svg)
![Stars](https://img.shields.io/github/stars/maurosoria/dirsearch.svg)
**Current Release: v0.4.2 (2021.9.12)**
An advanced command-line tool designed to brute-force directories and files on web servers, also known as a web path scanner.
**dirsearch** is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://twitter.com/shells3c_).
Table of Contents
------------
* [Installation](#installation--usage)
* [Wordlists](#wordlists-important)
* [Options](#options)
* [Configuration](#configuration)
* [How to use](#how-to-use)
  * [Simple usage](#simple-usage)
  * [Pausing progress](#pausing-progress)
  * [Recursion](#recursion)
  * [Threads](#threads)
  * [Prefixes / Suffixes](#prefixes--suffixes)
  * [Blacklist](#blacklist)
  * [Filters](#filters)
  * [Raw request](#raw-request)
  * [Wordlist formats](#wordlist-formats)
  * [Exclude extensions](#exclude-extensions)
  * [Scan sub-directories](#scan-sub-directories)
  * [Proxies](#proxies)
  * [Reports](#reports)
  * [More example commands](#more-example-commands)
* [Support Docker](#support-docker)
  * [Install Docker Linux](#install-docker-linux)
  * [Build Image dirsearch](#build-image-dirsearch)
  * [Using dirsearch](#using-dirsearch)
* [References](#references)
* [Tips](#tips)
* [Contribution](#contribution)
* [License](#license)
Installation & Usage
------------
**Requirement: Python 3.7 or higher**
Choose one of these installation options:
- Install with git: `git clone https://github.com/maurosoria/dirsearch.git --depth 1` (RECOMMENDED)
- Install with ZIP file: [Download here](https://github.com/maurosoria/dirsearch/archive/master.zip)
- Install with Docker: `docker build -t "dirsearch:v0.4.2" .` (more information can be found [here](https://github.com/maurosoria/dirsearch#support-docker))
- Install with PyPi: `pip3 install dirsearch`
- Install with Kali Linux: `sudo apt-get install dirsearch` (deprecated)
Wordlists (IMPORTANT)
---------------
**Summary:**
- A wordlist is a text file in which each line is a path.
- Unlike other tools, dirsearch only replaces the `%EXT%` keyword with the extensions passed via the **-e** flag.
- For wordlists without `%EXT%` (like [SecLists](https://github.com/danielmiessler/SecLists)), the **-f | --force-extensions** switch is required to append extensions to every word in the wordlist, as well as the `/`.
- To apply your extensions to wordlist entries that already have extensions, use **-O** | **--overwrite-extensions** (Note: some extensions are excluded from being overwritten, such as *.log*, *.json*, *.xml*, ... or media extensions like *.jpg*, *.png*).
- To use multiple wordlists, you can separate your wordlists with commas. Example: `wordlist1.txt,wordlist2.txt`.
**Examples:**
- *Normal extensions*:
```
index.%EXT%
```
Passing **asp** and **aspx** as extensions will generate the following dictionary:
```
index
index.asp
index.aspx
```
- *Force extensions*:
```
admin
```
Passing **php** and **html** as extensions with **-f**/**--force-extensions** flag will generate the following dictionary:
```
admin
admin.php
admin.html
admin/
```
- *Overwrite extensions*:
```
login.html
```
Passing **jsp** and **jspa** as extensions with **-O**/**--overwrite-extensions** flag will generate the following dictionary:
```
login.html
login.jsp
login.jspa
```
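The three expansion modes above, modelled in a short Python sketch. This is an added example, not dirsearch's own code: the function name `expand`, its `mode` parameter and the `NO_OVERWRITE` set are assumptions of the sketch, and the set holds only the extensions named above. Its output follows the example dictionaries above, which makes it useful for predicting the request paths a given wordlist and flag combination will produce.

```python
EXT_TAG = "%EXT%"
# Partial list: only the extensions the page names as protected from -O.
NO_OVERWRITE = {"log", "json", "xml", "jpg", "png"}


def expand(entries, extensions, mode="normal"):
    """Expand wordlist lines as the page's examples describe.

    mode: "normal" (only %EXT% is replaced), "force" (-f) or "overwrite" (-O).
    """
    out = []

    def emit(path):
        if path and path not in out:  # keep order, drop duplicates
            out.append(path)

    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        if EXT_TAG in entry:
            # The page's example also lists the bare stem ("index").
            emit(entry.replace("." + EXT_TAG, "").replace(EXT_TAG, ""))
            for ext in extensions:
                emit(entry.replace(EXT_TAG, ext))
            continue
        emit(entry)
        stem, dot, current = entry.rpartition(".")
        # An extension is a dot inside the last path segment, not a dotfile.
        has_ext = bool(dot and stem) and "/" not in current and not stem.endswith("/")
        if mode == "overwrite" and has_ext and current.lower() not in NO_OVERWRITE:
            for ext in extensions:
                emit(f"{stem}.{ext}")
        elif mode == "force" and not entry.endswith("/"):
            # Assumption: entries already ending in "/" are left alone.
            for ext in extensions:
                emit(f"{entry}.{ext}")
            emit(entry + "/")
    return out


if __name__ == "__main__":
    # Constructed inputs: the three wordlist lines from the examples above.
    print(expand(["index.%EXT%"], ["asp", "aspx"]))
    print(expand(["admin"], ["php", "html"], mode="force"))
    print(expand(["login.html"], ["jsp", "jspa"], mode="overwrite"))
```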
Options
-------
```
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   Target URL(s), support multiple flags
    -l PATH, --url-file=PATH
                        URL list file
    --stdin             Read URL(s) from STDIN
    --cidr=CIDR         Target CIDR
    --raw=PATH          Load raw HTTP request from file (use `--scheme` flag
                        to set the scheme)
    -s SESSION_FILE, --session=SESSION_FILE
                        Session file
    --config=PATH       Full path to config file, see 'default.conf' for
                        example (Default: default.conf)

  Dictionary Settings:
    -w WORDLIST, --wordlists=WORDLIST
                        Customize wordlists (separated by commas)
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by commas (e.g. php,asp)
    -f, --force-extensions
                        Add extensions to the end of every wordlist entry. By
                        default dirsearch only replaces the %EXT% keyword with
                        extensions
    -O, --overwrite-extensions
                        Overwrite other extensions with your extensions
                        (selected via `-e`)
    --exclude-extensions=EXTENSIONS
                        Exclude extension list separated by commas (e.g.
                        asp,jsp)
    --remove-extensions
                        Remove extensions in all paths (e.g. admin.php ->
                        admin)
    --prefixes=PREFIXES
                        Add custom prefixes to all wordlist entries (separated
                        by commas)
    --suffixes=SUFFIXES
                        Add custom suffixes to all wordlist entries, ignore
                        directories (separated by commas)
    -U, --uppercase     Uppercase wordlist
    -L, --lowercase     Lowercase wordlist
    -C, --capital       Capital wordlist

  General Settings:
    -t THREADS, --threads=THREADS
                        Number of threads
    -r, --recursive     Brute-force recursively
    --deep-recursive    Perform recursive scan on every directory depth (e.g.
                        api/users -> api/)
    --force-recursive   Do recursive brute-force for every found path, not
                        only directories
    -R DEPTH, --max-recursion-depth=DEPTH
                        Maximum recursion depth
    --recursion-status=CODES
                        Valid status codes to perform recursive scan, support
                        ranges (separated by commas)
    --subdirs=SUBDIRS   Scan sub-directories of the given URL[s] (separated by
                        commas)
    --exclude-subdirs=SUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by commas)
    -i CODES, --include-status=CODES
                        Include status codes, separated by commas, support
                        ranges (e.g. 200,300-399)
    -x CODES, --exclude-status=CODES
                        Exclude status codes, separated by commas, support
                        ranges (e.g. 301,500-599)
    --exclude-sizes=SIZES
                        Exclude responses by sizes, separated by commas (e.g.
                        0B,4KB)
    --exclude-texts=TEXTS
                        Exclude responses by texts, separated by commas (e.g.
                        'Not found', 'Error')
    --exclude-regex=REGEX
                        Exclude responses by regex (e.g. '^Error$')
    --exclude-redirect=STRING
                        Exclude responses if this regex (or text) matches
                        redirect URL (e.g. '/index.html')
    --exclude-response=PATH
                        Exclude responses similar to response of this page,
                        path as input (e.g. 404.html)
    --skip-on-status=CODES
                        Skip target wheneve
```