dirsearch
is a tool for brute-forcing web paths based on word lists. It is useful to find hidden features, admin pages, test pages, and abandoned pages.
Despite the tool is written in Python, it is very fast.
1. How to install
pip install dirsearch
It is recommended to use virtual environments(venv
) to install the tool.
uv venv webdir-scan
.\webdir-scan\
uv pip install dirsearch
2. How to use
Set the target by passing -u
, or --url
option and its parameter.
dirsearch -u https://example.com
You might want to exclude some HTTP status code, and it might be 404s. You can pass -x
(or --exclude-status
) option to exclude them in the scanned list.
dirsearch -u https://example.com -x 404
You can pass -X
(or --exclude-extensions
) option to reduce numbers of payloads by excluding some platform specific payloads.
dirsearch -u https://example.com -X jsp # Exclude JSP related payloads (the extension)
Since the tool sends a lot of requests, it is easily identified as an attack by firewalls. Sometimes you should use --delay
option.
dirsearch -u https://example.com --delay=1
You can see the speed of brute forcing becoming approximately as number as the number of threads. For me, the program runs with 25 threads by default. If I pass --delay=1
option when scanning a site, the speed become 25 payloads per seconds.
dirsearch
can go deeper, because it supports recursive scanning that can be enabled by passing --recursive
option. If the recursive scanning is enabled, the scanning goes one step down for the queries that have been found; if the /api
has found for the first scanning, the second scan starts with directories with /api
path prepended.
3. Reference
-
Official GitHub: https://github.com/maurosoria/dirsearch