Man page - dirsearch(1)

Packages contains this manual

Package:  dirsearch
apt-get install dirsearch

Manuals in package:
• dirsearch(1)
Documentations in package:
• dirsearch

Manual

DIRSEARCH

NAME
SYNOPSIS
OPTIONS
SEE ALSO

---

NAME

dirsearch - An advanced command-line tool designed to brute force directories and files in webservers

SYNOPSIS

dirsearch.py [ -u|--url ] target [ -e|--extensions ] extensions [ options ]

OPTIONS

--version

show program’s version number and exit

-h , --help

show this help message and exit

Mandatory:

-u URL, --url = URL

Target URL

-l FILE, --url-list = FILE

Target URL list file

--stdin

Target URL list from STDIN

--cidr = CIDR

Target CIDR

--raw = FILE

Load raw HTTP request from file (use ‘--scheme‘ flag to set the scheme)

-e EXTENSIONS, --extensions = EXTENSIONS

Extension list separated by commas (Example: php,asp)

-X EXTENSIONS, --exclude-extensions = EXTENSIONS

Exclude extension list separated by commas (Example: asp,jsp)

-f , --force-extensions

Add extensions to every wordlist entry. By default dirsearch only replaces the %EXT% keyword with extensions

Dictionary Settings:

-w WORDLIST, --wordlists = WORDLIST

Customize wordlists (separated by commas)

--prefixes = PREFIXES

Add custom prefixes to all wordlist entries (separated by commas)

--suffixes = SUFFIXES

Add custom suffixes to all wordlist entries, ignore directories (separated by commas)

--only-selected

Remove paths have different extensions from selected ones via ‘-e‘ (keep entries don’t have extensions)

--remove-extensions

Remove extensions in all paths (Example: admin.php -> admin)

-U , --uppercase

Uppercase wordlist

-L , --lowercase

Lowercase wordlist

-C , --capital

Capital wordlist

General Settings:

-t THREADS, --threads = THREADS

Number of threads

-r , --recursive

Brute-force recursively

--deep-recursive

Perform recursive scan on every directory depth (Example: api/users -> api/)

--force-recursive

Do recursive brute-force for every found path, not only paths end with slash

-R DEPTH, --recursion-depth = DEPTH

Maximum recursion depth

--recursion-status = CODES

Valid status codes to perform recursive scan, support ranges (separated by commas)

--subdirs = SUBDIRS

Scan sub-directories of the given URL[s] (separated by commas)

--exclude-subdirs = SUBDIRS

Exclude the following subdirectories during recursive scan (separated by commas)

-i CODES, --include-status = CODES

Include status codes, separated by commas, support ranges (Example: 200,300-399)

-x CODES, --exclude-status = CODES

Exclude status codes, separated by commas, support ranges (Example: 301,500-599)

--exclude-sizes = SIZES

Exclude responses by sizes, separated by commas (Example: 123B,4KB)

--exclude-texts = TEXTS

Exclude responses by texts, separated by commas (Example: ’Not found’, ’Error’)

--exclude-regexps = REGEXPS

Exclude responses by regexps, separated by commas (Example: ’Not foun[a-z]{1}’, ’ˆError$’)

--exclude-redirects = REGEXPS

Exclude responses by redirect regexps or texts, separated by commas (Example: ’https://okta.com/*’)

--exclude-response = PATH

Exclude responses by response of this page (path as input)

--skip-on-status = CODES

Skip target whenever hit one of these status codes, separated by commas, support ranges

--minimal = LENGTH

Minimal response length

--maximal = LENGTH

Maximal response length

--max-time = SECONDS

Maximal runtime for the scan

-q , --quiet-mode

Quiet mode

--full-url

Full URLs in the output (enabled automatically in quiet mode)

--no-color

No colored output

Request Settings:

-m METHOD, --http-method = METHOD

HTTP method (default: GET)

-d DATA, --data = DATA

HTTP request data

-H HEADERS, --header = HEADERS

HTTP request header, support multiple flags (Example: -H ’Referer: example.com’)

--header-list = FILE

File contains HTTP request headers

-F , --follow-redirects

Follow HTTP redirects

--random-agent

Choose a random User-Agent for each request

--auth-type = TYPE

Authentication type (basic, digest, bearer, ntlm)

--auth = CREDENTIAL

Authentication credential (user:password or bearer token)

	--user-agent = USERAGENT
	--cookie = COOKIE

Connection Settings:

--timeout = TIMEOUT

Connection timeout

-s DELAY, --delay = DELAY

Delay between requests

--proxy = PROXY

Proxy URL, support HTTP and SOCKS proxies (Example: localhost:8080, socks5://localhost:8088)

--proxy-list = FILE

File contains proxy servers

--replay-proxy = PROXY

Proxy to replay with found paths

--scheme = SCHEME

Default scheme (for raw request or if there is no scheme in the URL)

--max-rate = RATE

Max requests per second

--retries = RETRIES

Number of retries for failed requests

-b , --request-by-hostname

By default dirsearch requests by IP for speed. This will force dirsearch to request by hostname

--ip = IP

Server IP address

--exit-on-error

Exit whenever an error occurs

Reports:

-o FILE, --output = FILE

Output file

--format = FORMAT

Report format (Available: simple, plain, json, xml, md, csv, html)

You can change the dirsearch default configurations (default extensions,

timeout, wordlist location, ...) by editing the "/etc/dirsearch/default.conf" file. More information at https://github.com/maurosoria/dirsearch.

SEE ALSO

The full documentation for dirsearch is maintained as a Texinfo manual. If the info and dirsearch programs are properly installed at your site, the command

info dirsearch

should give you access to the complete manual.

---