How to use the command 'dirb' (with examples)

How to use the command 'dirb' (with examples)

dirb is a web content scanner used to find directories and files on web servers. It scans HTTP-based webservers by using a wordlist, identifying potential areas where sensitive information might be stored. This tool is particularly useful in the world of cybersecurity for conducting penetration tests and security audits by revealing hidden files and directories that might otherwise go unnoticed. Below, we explore various examples of how to effectively use dirb.

Use case 1: Scan a webserver using the default wordlist

Code:

dirb https://example.org

Motivation:

Sometimes, when conducting a preliminary security assessment, you want to quickly identify the most common directories and files that are exposed on a web server. The default wordlist in dirb contains a broad selection of pathnames that are most frequently found in web applications, providing a comprehensive starting point for many assessments.

Explanation:

  • dirb: The command to run the dirb program.
  • https://example.org: The target URL, where dirb attempts to find hidden directories and files on the web server.

Example Output:

---- Scanning For Web Directories ----
+ https://example.org/admin (CODE:200 | SIZE:4912)
+ https://example.org/backups (CODE:403 | SIZE:298)
+ https://example.org/config.php (CODE:200 | SIZE:315)

In this output, dirb identifies some directories and files on example.org, showing the HTTP status codes (e.g., 200 for “OK” and 403 for “Forbidden”) and the size of the response.

Use case 2: Scan a webserver using a custom wordlist

Code:

dirb https://example.org path/to/wordlist.txt

Motivation:

Using a custom wordlist allows for a more tailored scan that can be adjusted based on prior knowledge about the web application or specific threats. A custom wordlist can include unique filenames and directory structures that are more likely to exist in certain environments, providing a more focused and efficient scanning process.

Explanation:

  • dirb: Invokes the dirb utility.
  • https://example.org: The URL of the target web server.
  • path/to/wordlist.txt: This specifies a custom wordlist file that dirb will use during the scan. The path should be replaced with the actual path to the wordlist file on your system.

Example Output:

---- Scanning For Web Directories ----
+ https://example.org/secret (CODE:200 | SIZE:550)
+ https://example.org/hidden (CODE:404 | SIZE:119)

Here, the custom wordlist uncovers additional directories such as /secret and /hidden that the default wordlist might not include.

Use case 3: Scan a webserver non-recursively

Code:

dirb https://example.org -r

Motivation:

Non-recursive scans are useful for a quick evaluation of the main directories and files without diving deeply into each found directory. This mode is ideal when you need fast results and are not concerned with nested directories, or when the structure of the web server is expected to be relatively flat.

Explanation:

  • dirb: The dirb command initiates the scan.
  • https://example.org: Designates the target webserver.
  • -r: This flag tells dirb to conduct a non-recursive scan, meaning it will not delve into directories discovered during the scan.

Example Output:

---- Scanning For Web Directories ----
+ https://example.org/home (CODE:200 | SIZE:402)
+ https://example.org/login (CODE:200 | SIZE:1048)

The output shows the discovered directories on the web server without going deeper into subdirectories within each discovered path.

Code:

dirb https://example.org -a user_agent_string -c cookie_string

Motivation:

Sometimes web servers implement measures to restrict access based on the user-agent string or require certain cookies to display content. By customizing these parameters, you replicate the behavior of specific browsers or sessions, which can help bypass certain restrictions or authentication requirements, thereby exposing directories that would otherwise remain hidden.

Explanation:

  • dirb: Runs the dirb command.
  • https://example.org: Represents the web server being scanned.
  • -a user_agent_string: This option specifies the user-agent string to be sent in HTTP requests. This string can mimic a legal browser version or a particular client that the server recognizes.
  • -c cookie_string: Sets a specific cookie string value to include in HTTP requests, which might be necessary to access content limited by session cookies or preferences.

Example Output:

---- Scanning For Web Directories ----
+ https://example.org/profile (CODE:200 | SIZE:620)
+ https://example.org/private (CODE:200 | SIZE:1140)

With the specified user-agent and cookie, dirb identifies directories such as /profile and /private, which could be protected by simple user-agent or cookie-based restrictions.

Conclusion:

dirb is a powerful command-line tool indispensable for cybersecurity professionals, offering flexibility and depth in discovering hidden web content. By utilizing both default and custom wordlists, conducting recursive and non-recursive scans, and modifying HTTP request parameters, users can adapt their scanning process to suit different environments and objectives, ensuring a thorough assessment of web server vulnerabilities.

Tags :

Related Posts

Effective Use of 'redis-server' (with examples)

Effective Use of 'redis-server' (with examples)

Redis is a high-performance, open-source, in-memory data structure store, primarily used as a database, cache, and message broker.

Read More
Understanding and Using the 'defaults' Command on macOS (with examples)

Understanding and Using the 'defaults' Command on macOS (with examples)

The defaults command is an incredibly powerful tool on macOS that allows users to read and write user preference settings for various applications.

Read More
How to Use the Command 'twm' (with Examples)

How to Use the Command 'twm' (with Examples)

The ’twm’ (Tab Window Manager) is a basic window manager for the X Window System, designed to manage windows on a desktop environment.

Read More