How to use the command 'dirsearch' (with examples)

How to use the command 'dirsearch' (with examples)

Dirsearch is a web path scanner that allows you to scan a web server for common paths with common extensions. It is a tool that can be used for security testing, vulnerability assessment, or even for website development purposes. It is flexible and customizable, allowing you to specify various options and parameters to suit your needs.

Use case 1: Scan a web server for common paths with common extensions

Code:

dirsearch --url url --extensions-list

Motivation: This use case is useful for scanning a single web server for common paths with common extensions. It helps in identifying common directories or files that may be accessible on the server.

Explanation:

  • --url: Specifies the URL of the web server to be scanned.
  • --extensions-list: Specifies the list of common extensions to be checked.

Example output:

[+] Found: /admin/
[+] Found: /images/
[+] Found: /scripts/
[+] Found: /uploads/
...

Use case 2: Scan a list of web servers for common paths with the .php extension

Code:

dirsearch --url-list path/to/url-list.txt --extensions php

Motivation: This use case is useful for scanning multiple web servers listed in a text file for common paths with the .php extension. It allows you to automate the scanning process and check for common PHP files that may exist on the servers.

Explanation:

  • --url-list: Specifies the path to a text file containing a list of URLs of web servers to be scanned.
  • --extensions: Specifies the file extension(s) to be checked.

Example output:

[+] Found: /admin.php
[+] Found: /index.php
[+] Found: /login.php
...

Use case 3: Scan a web server for user-defined paths with common extensions

Code:

dirsearch --url url --extensions-list --wordlist path/to/url-paths.txt

Motivation: This use case is useful when you want to scan a web server for specific user-defined paths with common extensions. It allows you to customize the scanning process and focus only on the specific directories or files that you are interested in.

Explanation:

  • --url: Specifies the URL of the web server to be scanned.
  • --extensions-list: Specifies the list of common extensions to be checked.
  • --wordlist: Specifies the path to a text file containing a list of user-defined paths.

Example output:

[+] Found: /secret/
[+] Found: /api/
[+] Found: /backup/
...

Code:

dirsearch --url url --extensions php --cookie cookie

Motivation: This use case is useful when you want to scan a web server that requires a cookie to access certain paths. It allows you to include the necessary cookie information in the scan, ensuring that you are able to properly test the server’s security.

Explanation:

  • --url: Specifies the URL of the web server to be scanned.
  • --extensions: Specifies the file extension(s) to be checked.
  • --cookie: Specifies the cookie to be used for authentication or session management.

Example output:

[+] Found: /admin/
[+] Found: /admin.php
[+] Found: /dashboard/
...

Use case 5: Scan a web server using the HEAD HTTP method

Code:

dirsearch --url url --extensions php --http-method HEAD

Motivation: This use case is useful when you want to perform a lightweight scan of a web server using only the HEAD HTTP method. It allows you to quickly check for the existence of files or directories without retrieving their content.

Explanation:

  • --url: Specifies the URL of the web server to be scanned.
  • --extensions: Specifies the file extension(s) to be checked.
  • --http-method: Specifies the HTTP method to be used for scanning (in this case, HEAD).

Example output:

[+] Found: /admin/
[+] Found: /index.php
[+] Found: /login.php
...

Use case 6: Scan a web server, saving the results to a .json file

Code:

dirsearch --url url --extensions php --json-report path/to/report.json

Motivation: This use case is useful when you want to save the scan results to a .json file for further analysis or reporting purposes. It allows you to easily generate a detailed report of the discovered paths and their associated extensions.

Explanation:

  • --url: Specifies the URL of the web server to be scanned.
  • --extensions: Specifies the file extension(s) to be checked.
  • --json-report: Specifies the path and filename of the .json file to be generated.

Example output: The results of the scan will be saved in the specified .json file in a structured format, making it easy to parse and analyze the data.

Conclusion:

The dirsearch command is a powerful web path scanner that can be used for various purposes, including security testing, vulnerability assessment, and website development. It provides several options and parameters to customize the scanning process, allowing you to scan single or multiple web servers, define custom paths, use cookies for authentication, specify HTTP methods, and generate detailed reports.

Tags :

Related Posts

How to use the command xpdf (with examples)

How to use the command xpdf (with examples)

The xpdf command is a portable document format (PDF) file viewer that allows users to open and view PDF files.

Read More
How to use the command adb (with examples)

How to use the command adb (with examples)

The command adb stands for Android Debug Bridge and allows users to communicate with an Android emulator instance or connected Android devices.

Read More
How to use the command etcd (with examples)

How to use the command etcd (with examples)

Etcd is a distributed, reliable key-value store designed for storing critical data in a distributed system.

Read More