DirSearch -- Easy Scanner for Juicy Files


This post is a dirsearch tutorial. dirsearch is a simple command-line, Python-based website directory/path scanner that can brute-force a targeted site for its directories and files. This is a very common job in pentesting, and dirsearch does it much faster than the traditional DIRB. It is a must-have tool on our Kali Linux machine.
Now, with Kali Linux 2021.2, DirSearch comes pre-installed with the kali-linux-full image, or we can install it with the following command:
sudo apt install dirsearch -y
installing dirsearch on Kali Linux
After installing it, we can check the help options of dirsearch with the following command:
dirsearch -h
The above command shows us the help menu of dirsearch, as we can see in the following screenshot:
 
dirsearch help

Now it's time to use dirsearch. As an example, we assume that google.com is our target and we need to check its directories and files. We use the following command:
dirsearch -u google.com -e aspx,php
Here we look only for php and aspx files, and we specify our target URL with the -u flag.
After running the above command, dirsearch starts its work, as we can see in the following screenshot:
dirsearch working
The scan time depends on the size of our target website. When it finishes, we can see a "Task Completed" message on our terminal, as we can see in the following screenshot:
dirsearch task completed
In the above screenshot we can see that dirsearch searched for tons of paths and directories on our target website. We might find a suspicious or sensitive page here, but a good bounty hunter or pen tester will gather more information about every location or manually check everything.
Vulnerabilities can be anywhere.
Dirsearch also saves the generated output to a file in a text format (plain, json, xml, md, csv); the default format is txt. We can see the path of the saved output near the top of the terminal (we need to scroll up), as shown in the following screenshot:

dirsearch output file location
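On the server side, a wordlist scan like the one above appears in the access log as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of dirsearch or the original post, that flags such clients in Common Log Format lines and lists the paths they actually got an answer for; the function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_path_scanners(lines, min_requests=20, min_404_ratio=0.8, min_paths=15):
    """Flag clients whose requests look like wordlist-driven path discovery."""
    stats = defaultdict(lambda: {"total": 0, "nf": 0, "paths": set(), "hits": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines rather than abort the run
        s = stats[m["ip"]]
        path, status = m["path"].split("?", 1)[0], int(m["status"])
        s["total"] += 1
        s["paths"].add(path)
        if status == 404:
            s["nf"] += 1
        else:
            s["hits"].add((path, status))  # paths the client got an answer for
    flagged = {}
    for ip, s in stats.items():
        ratio = s["nf"] / s["total"]
        if (s["total"] >= min_requests and ratio >= min_404_ratio
                and len(s["paths"]) >= min_paths):
            flagged[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                           "answered": sorted(s["hits"])}
    return flagged

def build_sample_log():
    """Constructed sample data: one noisy client and one ordinary visitor."""
    ts = "[10/Jun/2021:10:00:00 +0000]"
    answered = {"/login.php": 200, "/config.php": 403}
    lines = []
    for word in ("admin", "backup", "config", "db", "login", "old", "test", "upload"):
        for ext in ("php", "aspx", "bak"):
            path = f"/{word}.{ext}"
            lines.append(f'203.0.113.7 - - {ts} "GET {path} HTTP/1.1" '
                         f'{answered.get(path, 404)} 153')
    for path, status in (("/", 200), ("/index.html", 200), ("/missing.png", 404)):
        lines.append(f'198.51.100.20 - - {ts} "GET {path} HTTP/1.1" {status} 512')
    return lines

if __name__ == "__main__":
    for ip, info in find_path_scanners(build_sample_log()).items():
        print(ip, info)
```

The "answered" list is the part to review first: it shows which guessed paths returned something other than 404 to the scanning client.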