Dirb

Description

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response.

It comes with a set of preconfigured attack wordlists for easy usage, but you can use your own custom wordlists. It can sometimes also be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.

Its main purpose is to help in professional web application auditing, especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. It looks for specific web objects that other generic CGI scanners can't look for. It doesn't search for vulnerabilities, nor does it look for web content that may be vulnerable.

Usage

Syntax

dirb <url_base> [<wordlist_file(s)>] [options]

========================= NOTES =========================
 <url_base> : Base URL to scan. (Use -resume for session resuming)
 <wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...) 

Options

======================== HOTKEYS ========================
 'n' -> Go to next directory.
 'q' -> Stop scan. (Saving state for resume)

======================== OPTIONS ========================
 -a <agent_string> : Specify your custom USER_AGENT.
 -c <cookie_string> : Set a cookie for the HTTP request.
 -f : Fine tunning of NOT_FOUND (404) detection.
 -H <header_string> : Add a custom header to the HTTP request.
 -i : Use case-insensitive search.
 -l : Print "Location" header when found.
 -N <nf_code>: Ignore responses with this HTTP code.
 -o <output_file> : Save output to disk.
 -p <proxy[:port]> : Use this proxy. (Default port is 1080)
 -P <proxy_username:proxy_password> : Proxy Authentication.
 -r : Don't search recursively.
 -R : Interactive recursion. (Asks for each directory)
 -S : Silent Mode. Don't show tested words. (For dumb terminals)
 -t : Don't force an ending '/' on URLs.
 -u <username:password> : HTTP Authentication.
 -v : Show also NOT_FOUND pages.
 -w : Don't stop on WARNING messages.
 -X <extensions> / -x <exts_file> : Append each word with this extensions.
 -z <milisecs> : Add a miliseconds delay to not cause excessive Flood.

Example

cyborg@cyborg:~$ sudo dirb http://192.168.1.18/dirb/ /pentest/web/dirb/wordlists/common.txt

-----------------
D I R B v2.03    
By The Dark Raver
-----------------

START_TIME: Wed Oct 14 12:16:34 2015
URL_BASE: http://192.168.1.18/dirb/
WORDLIST_FILES: /pentest/web/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 1942                                                          
                                                                               
---- Scanning URL: http://192.168.1.18/dirb/ ----
+ http://192.168.1.18/dirb/0                                             
    (FOUND: 200 [Ok] - Size: 212349)
+ http://192.168.1.18/dirb/Blog/                                          
    ==> DIRECTORY
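
Seen from the server side, the dictionary run described above appears in access logs as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of DIRB or the original page: a Python detector over combined-format access logs. The function names, thresholds, client addresses and log lines are constructed assumptions, and it assumes the server answers missing paths with 404.

```python
import re
from collections import defaultdict

# Combined/common log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_content_scanners(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client_ip: (distinct_paths, miss_ratio)} for clients whose
    requests look like a wordlist run: many distinct paths, mostly 404."""
    paths = defaultdict(set)   # client -> distinct paths requested
    missed = defaultdict(set)  # client -> distinct paths answered with 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the run
        path = m["path"].split("?", 1)[0]  # ignore query strings
        paths[m["ip"]].add(path)
        if m["status"] == "404":
            missed[m["ip"]].add(path)
    flagged = {}
    for ip, seen in paths.items():
        ratio = len(missed[ip]) / len(seen)
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), round(ratio, 2))
    return flagged

def build_sample():
    """Constructed log lines (not from the page): one wordlist-style client
    and one ordinary browser. Addresses and paths are made up."""
    fmt = '{ip} - - [14/Oct/2015:12:16:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 512 "-" "Mozilla/5.0"'
    rows = [("192.168.1.20", f"/dirb/word{i}", 404) for i in range(30)]
    rows += [("192.168.1.20", "/dirb/0", 200), ("192.168.1.20", "/dirb/Blog/", 200)]
    rows += [("192.168.1.77", p, 200) for p in ("/", "/index.html", "/style.css")]
    rows += [("192.168.1.77", "/favicon.ico", 404)]
    return [fmt.format(ip=ip, s=i % 60, p=p, c=c) for i, (ip, p, c) in enumerate(rows)]

if __name__ == "__main__":
    for ip, (count, ratio) in find_content_scanners(build_sample()).items():
        print(f"{ip}: {count} distinct paths, {ratio:.0%} not found")
```

The detector counts distinct paths per client rather than request rate or User-Agent, because the `-z` and `-a` options listed above change both.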
©2017 Ztrela Knowledge Solutions Pvt. Ltd
