dirsearch v0.4.2 releases: Web path scanner
Current Release: v0.4.2 (2021.9.12)
An advanced command-line tool designed to brute force directories and files in webservers, AKA web path scanner
- Keep-alive connections
- Support for multiple extensions (-e|–extensions asp,php)
- Reporting (plain text, JSON)
- Heuristically detects invalid web pages
- Recursive brute forcing
- HTTP proxy support
- User-agent randomization
- Batch processing
- Request delaying
- More accurate
- Exclude responses by redirects
- URLs from STDIN
- Fixed the CSV Injection vulnerability (https://www.exploit-db.com/exploits/49370)
- Raw request supported
- Can setup the default URL scheme (will be used when there is no scheme in the URL)
- Added max runtime option
- Recursion on specified status codes
- Max request rate
- Support several authentication types
- Deep/forced recursive scan
- HTML report format
- Option to skip target by specified status codes
- Bug fixes
git clone https://github.com/maurosoria/dirsearch.git
pip3 install -r requirements.txt
- Wordlist is a text file, each line is a path.
- About extensions, unlike other tools, dirsearch only replaces the
%EXT%keyword with extensions from -e flag.
- For wordlists without
%EXT%(like SecLists), -f | –force-extensions switch is required to append extensions to every word in wordlist, as well as the
- To use multiple wordlists, you can separate your wordlists with commas. Example: wordlist1.txt,wordlist2.txt.
Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | –extension) passed as an argument.
Passing the extensions “asp” and “aspx” will generate the following dictionary:
You can also use -f | –force-extensions switch to append extensions to every word in the wordlists (like DirBuster).
Copyright (C) Mauro Soria (email@example.com)