We are covering a dirsearch tutorial in this post. It's a simple command-line, Python-based website directory/path scanner that can brute-force a targeted site for its directories and files. This is a very common job in pentesting, and dirsearch does this job much faster than the traditional DIRB. It is a must-have tool on our Kali Linux machine.
Now, with Kali Linux 2021.2, dirsearch comes pre-installed with the kali-linux-full image, or we can download it by applying the following command:
The above command will show us the help menu of dirsearch, as we can see in the following screenshot:
Now it's time to use dirsearch. As an example, we assume that google.com is our target and we need to check its directories and files. We use the following command:
Here we look only for php and aspx files, and we have specified our target URL using the -u flag.
After running the above command, we can see that dirsearch has started its work, as shown in the following screenshot:
The time to scan depends on the size of our target website. When it finishes, we can see a "Task Completed" message on our terminal, as shown in the following screenshot:
In the above screenshot we can see that dirsearch searched for tons of paths and directories on our target website. We might find suspicious or sensitive pages from here, but a good bounty hunter or pen tester will gather more information about every location or manually check everything.
Vulnerabilities can be anywhere.
Dirsearch also saves the generated output to a file in a text format (plain, json, xml, md, csv); the default format is txt. We can see the path of the saved output in the upper part of the terminal (we need to scroll up), as shown in the following screenshot:
Love our articles? Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group,
where we focus on Linux and Cybersecurity. We're always available to
help in the comment section and read every comment, ensuring a prompt
reply.