How to use the command 'dirb' (with examples)

The ‘dirb’ command is a tool for scanning HTTP-based web servers to search for directories and files. It is particularly useful for vulnerability assessments and penetration testing, since it discovers hidden directories and sensitive files that may be publicly accessible. This article illustrates several use cases of the ‘dirb’ command, each with its command line, motivation and explanation.

Use case 1: Scanning a webserver using the default wordlist

Code:

dirb https://example.org

Motivation:

Using the default wordlist is a straightforward way to scan a webserver for common directories and files. This is useful when you want to quickly identify any potentially accessible resources on a website.

Explanation:

  • https://example.org: This is the target webserver URL.

Example output:

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sun Jan 30 10:30:00 2022
URL_BASE: https://example.org/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612

---- Scanning URL: https://example.org/ ----
+ http://example.org/config.php (CODE:200|SIZE:2965)
+ http://example.org/index.html (CODE:200|SIZE:759)
+ http://example.org/robots.txt (CODE:200|SIZE:16)

-----------------
END_TIME: Sun Jan 30 10:31:00 2022
DOWNLOADED: 4612 - FOUND: 3

Use case 2: Scanning a webserver using a custom wordlist

Code:

dirb https://example.org path/to/wordlist.txt

Motivation:

Using a custom wordlist lets you tailor the scan to your specific requirements, for example a list of names specific to the framework or application under test that the default wordlist does not cover.

Explanation:

  • https://example.org: This is the target webserver URL.
  • path/to/wordlist.txt: This is the path to the custom wordlist file.

Example output:

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sun Jan 30 10:35:00 2022
URL_BASE: https://example.org/
WORDLIST_FILES: path/to/wordlist.txt

-----------------

GENERATED WORDS: 2368

---- Scanning URL: https://example.org/ ----
+ http://example.org/login.php (CODE:200|SIZE:4325)
+ http://example.org/sitemap.xml (CODE:200|SIZE:386)

-----------------
END_TIME: Sun Jan 30 10:36:00 2022
DOWNLOADED: 2368 - FOUND: 2

Use case 3: Scanning a webserver non-recursively

Code:

dirb https://example.org -r

Motivation:

A non-recursive scan restricts the search to the target directory only: dirb does not descend into the directories it discovers. This is useful when you are only interested in the immediate content of a specific directory, or want to keep the request count low.

Explanation:

  • https://example.org: This is the target webserver URL.
  • -r: This option disables recursion, so discovered directories are not scanned in turn.

Example output:

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sun Jan 30 10:40:00 2022
URL_BASE: https://example.org/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 5272

---- Scanning URL: https://example.org/ ----
+ http://example.org/index.html (CODE:200|SIZE:759)
+ http://example.org/robots.txt (CODE:200|SIZE:16)

-----------------
END_TIME: Sun Jan 30 10:41:00 2022
DOWNLOADED: 5272 - FOUND: 2

Use case 4: Scanning a webserver with a custom user-agent and cookie

Code:

dirb https://example.org -a user_agent_string -c cookie_string

Motivation:

Specifying a user-agent and cookie string lets you make the scanner's requests look like those of a particular client. This helps when specific user-agent or cookie values are required to reach certain directories or files, for example content that is only served to a logged-in session.

Explanation:

  • https://example.org: This is the target webserver URL.
  • -a user_agent_string: This option sets a custom User-Agent header for the HTTP requests.
  • -c cookie_string: This option sets a custom Cookie header for the HTTP requests.

Example output:

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sun Jan 30 10:45:00 2022
URL_BASE: https://example.org/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 5272

---- Scanning URL: https://example.org/ ----
+ http://example.org/index.html (CODE:200|SIZE:759)
+ http://example.org/admin (CODE:403|SIZE:784)

-----------------
END_TIME: Sun Jan 30 10:46:00 2022
DOWNLOADED: 5272 - FOUND: 2
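The outputs above all share the same result-line format, "+ URL (CODE:nnn|SIZE:mmm)". As an added example (not part of the original article and not dirb's own code), the POSIX shell script below parses such output into a tab-separated list, counts hits per status code, and flags 200 responses for file names a defender would not want reachable; the sample output and the sensitive-name pattern are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of dirb output (not a real scan), in the format shown above.
DIRB_SAMPLE='-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sun Jan 30 10:30:00 2022
URL_BASE: https://example.org/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

---- Scanning URL: https://example.org/ ----
+ https://example.org/config.php (CODE:200|SIZE:2965)
+ https://example.org/index.html (CODE:200|SIZE:759)
+ https://example.org/admin (CODE:403|SIZE:784)
+ https://example.org/backup.zip (CODE:200|SIZE:10240)
==> DIRECTORY: https://example.org/images/

-----------------
END_TIME: Sun Jan 30 10:31:00 2022
DOWNLOADED: 4612 - FOUND: 4'

# parse_dirb: read dirb output on stdin, emit "code<TAB>size<TAB>url" for each
# "+ URL (CODE:nnn|SIZE:mmm)" line; banner, DIRECTORY and summary lines are skipped.
parse_dirb() {
  awk '$1 == "+" {
    code = $3; sub(/.*CODE:/, "", code); sub(/\|.*/, "", code)
    size = $3; sub(/.*SIZE:/, "", size); sub(/\).*/, "", size)
    print code "\t" size "\t" $2
  }'
}

# count_by_code: summarise parsed hits per HTTP status code, e.g. "200 3".
count_by_code() {
  awk 'BEGIN { FS = "\t" } { n[$1]++ } END { for (c in n) print c, n[c] }' | sort
}

# flag_sensitive: print URLs that answered 200 and match an illustrative
# (constructed) list of names that should not be publicly served.
flag_sensitive() {
  awk 'BEGIN { FS = "\t" }
       $1 == 200 && $3 ~ /(config|backup|\.bak|\.zip|\.sql|\.env|\.git)/ { print $3 }'
}

# Stand-alone run: list the exposed files from the constructed sample.
printf '%s\n' "$DIRB_SAMPLE" | parse_dirb | flag_sensitive
```

Pipe a real scan into it with `dirb https://example.org -o scan.txt` and then `parse_dirb < scan.txt`, or directly from dirb's stdout.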

Conclusion:

The ‘dirb’ command is a powerful tool for scanning HTTP-based web servers and uncovering directories and files that may be publicly accessible. By understanding the use cases and options shown above, you can identify exposed resources and improve the security of your web applications. Remember to use this tool responsibly and obtain proper authorization before scanning websites that are not your own.
