During web-security testing we always test it for hidden directories, to find some juicy information about the website. Now hidden directories are hidden for some reason. Usually hidden directories contain sensitive files with important information. We are going to find some hidden directories with the help of DIRB tool.
What is DIRB ?
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses. It comes pre-installed with Kali Linux.
DIRB comes with a set of preconfigured attack wordlists for easy usage but you can use your custom wordlists. Also DIRB sometimes can be used as a classic CGI scanner, but remember that it is a content scanner not a vulnerability scanner.
DIRB’s main purpose is to help in professional web application auditing. Specially in security related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.
How to use DIRB on Kali Linux ?
Before using DIRB on our Kali Linux operating system, we are going to see the help options of it by simply using following command on our terminal window:
We can see the options we can use with DIRB in the following screenshot:
Using DIRB is very easy, we just need to run dirb <target> command to run it against a target. For an example we run it on our localhost target by running following command:
We can see the result in the following screenshot:
In the above screenshot we can see that DIRB is using a wordlist and trying to check of directories on the website. In that way if there was a directory which matches with our wordlist will be detected. We can also save the output on a file by using -o flag.We also can use a custom wordlist by adding the path of the wordlist at the end of previous command as following example:
In the following screenshot we can see that we are using our specified wordlist.
With the help of DIRB we can find hidden directories on a web target, which may contain juicy information.
DIRB can repeatedly scan directories and check for files with different extensions in a web target. It can automatically detect the Not Found code when it's not the standard 404.
This is how we can use DIRB on Kali Linux. DIRB is a very useful command line tool for information gathering.
Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.