🍗 Wiki

dirsearch

dirsearch

dirsearch is a tool for brute-forcing web paths based on word lists. It is useful to find hidden features, admin pages, test pages, and abandoned pages.

Despite the tool is written in Python, it is very fast.

1. How to install

pip install dirsearch

It is recommended to use virtual environments(venv) to install the tool.

uv venv webdir-scan
.\webdir-scan\
uv pip install dirsearch

2. How to use

Set the target by passing -u, or --url option and its parameter.

dirsearch -u https://example.com

You might want to exclude some HTTP status code, and it might be 404s. You can pass -x (or --exclude-status) option to exclude them in the scanned list.

dirsearch -u https://example.com -x 404

You can pass -X (or --exclude-extensions) option to reduce numbers of payloads by excluding some platform specific payloads.

dirsearch -u https://example.com -X jsp  # Exclude JSP related payloads (the extension)

Since the tool sends a lot of requests, it is easily identified as an attack by firewalls. Sometimes you should use --delay option.

dirsearch -u https://example.com --delay=1

You can see the speed of brute forcing becoming approximately as number as the number of threads. For me, the program runs with 25 threads by default. If I pass --delay=1 option when scanning a site, the speed become 25 payloads per seconds.

dirsearch can go deeper, because it supports recursive scanning that can be enabled by passing --recursive option. If the recursive scanning is enabled, the scanning goes one step down for the queries that have been found; if the /api has found for the first scanning, the second scan starts with directories with /api path prepended.