Best Telegram Programming Groups For Coders &Developers   It Wasn’t Me - Secure Your Account   Mr.Robot All Seasons 1,2,3 Full | Free Torrent Download   Mr.Robot All Seasons 1,2,3,4 Full | Watch Online [FREE]   5 Tips Will Keep You Safe During Christmas Holiday’s Online Shopping   You Can Get All Adobe Apps For $30 a Month Right Now   How To Wipe An iPhone Clean (ERASE) Before Selling?   Programming Languages To Learn To Be An Expert Hacker!   Cybercriminals exchange tips on underground forums about avoiding arrests   A comprehensive look into emerging Signal encrypted messaging application   A Detailed Comparison of WhatsApp, Telegram & Signal   How Telegram End-to-end Encryption Works To Provide Security ?   Flubot Malware is Spreading Quickly Through Android Devices   WhatsApp End-to-End Encryption and its Privacy Importance - Alternatives,Signal & Telegram   What is Credit Card Skimming And How To Protect Yourself From it ?   Where to hire react programmer and 3 essential skills to look for   Top 8 Basic Google Search Dorks [Live Examples]   [Penetration Testing] Top 70 Most Interview Questions   Why VPN Is Necessary ? [Detailed Guide]   Top 10 Dangerous Viruses Of All Times   List Of Common HTTP Error Status Codes   “Hello World!” Program In Different Programming Languages   100 Basic Computer Related G.K. Questions   Email Security - Tips And Tricks   Fonts Hub Collection (Free Design Resources)   Top 8 Softwares Free Download - No Credit Card Needed [2022 Update]   Shortcomings That Leads An Entrepreneur Towards Failure   5 Basic Steps To Protect Your Personal Data Online   What is Intel SGX and What are the Benefits ?   15 Things You Need to Know About Maintaining The Logs   How to think like a programmer - lessons in problem solving   How To Get Voice Like Anonymous Voice   Life Story of Microsoft Founder Bill Gates - Documentary   Own Private Search Engine in Linux Will Save Our Privacy   Best Etcher alternatives to Create Bootable USB   Music For Programming - Coding Music / Hacking Music   School Management Software v3.1 Premium + Crack   JavaFX Chat Client/Server + Source Code   Top 25 Keyword Research Tools [Search Engine Optimization]   A Quick SEO Checklist - 2023 Update   Online Domain Authority (DA) Rank Checker Websites   33 Things In SEO For Which Google Will Give Your Student Blog High Positions   How to Close the Site from indexing using robots.txt   10 SEO Tools all Small Businesses Need in 2023   Earth Rise Application + Code   Animation along a path + Code   Zen Pong Game in Java Language + Code   Simple Flying Bird Game + Code Files   Game Snake Simple + Code Files   The Space 'Sun & Earth' | HTML,CSS,JavaScript   File System in Web (Explorer in Windows and Finder in OSX)   Admin Dashboard Template built using Bootstrap + Code   Website Template For Admin Dashboard + Code   Youtube Playlist Downloader Script   How To Create A Stopwatch In Python   Python TicTacToe with Tk and minimax AI   Deskreen turns any device with a web browser into a secondary screen for your computer   Download Algorithms Book | Dummies Store   OSI Model And TCP/IP Model   How to Fix SSH Failed Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)   What Is Load Balancing? Definition and How It Works   How to Setup FTP Server on Your Raspberry Pi   Download Windows 10 Lite Edition x64 | Direct Link   How To Recover Permanently Deleted Files In Windows 10 ?   How to make Fake Error Message Script in Windows   20 Essential Windows keyboard Shortcuts that will make you forget your mouse   How To Fix The DLL Missing Error In Windows 7 ?   Create Hotspot on Windows 10 in 6 steps   Download Microsoft Office Professional Plus 2016   Download DriverPack Solution Offline | Full   How To Create Simple And Password Protected ZIP File in Linux   2 Ways To Save Terminal Output of a Command in Linux   6 Best Tools to Monitor Disk IO Performance in Linux   Top 15 Best Websites (Blogs) to Learn Linux Online   How to Delete files older than 30 Days in Linux   What is the difference between apt and apt-get command   Fail2Ban Installation & Setup: Ubuntu, CentOS, Fedora & Debian   How to List Running Processes in Linux   How to Use the who Command in Linux with Examples   FOREMOST - Recover Permanently Deleted Files Easily in Kali Linux   Funny Linux Commands to Try   Command line interface guidelines, to help you write better command-line programs ...   How to Install Google Chrome Web Browser on Ubuntu 20.04   Learn Adobe Photoshop | 33 Episode Course   Window Privilege Escalation: Automated Script   Linux Privilege Escalation: Automated Script   How To Retrieve & Decrypt Stored Passwords in Firefox & Chrome Remotely   ACLight: An Advanced Privileged Account Discovery Tool   How to change Lock Screen Background on Kali Linux XFCE   Best 20 Kali Linux Tools For Hacking And Penetration Testing   How to Run Windows Application and Games on Kali Linux   How to run C and C++ programs in Kali Linux   Control Kali Linux PC From any Mobile or Tablet   How to Enable root User Account in Kali Linux   How to Configure Static IP address in Kali Linux   Bash vs ZSH in Kali Linux   [Solved] E: Unable to locate package in Kali Linux   Hosting a Local Website with Domain Name on Kali Linux over WiFi   Install Docker in Kali Linux and Run Other OS   How to Install Kali Linux | A Total Guide to Install Kali Linux   NetHunter Rootless - Official Kali NetHunter for non rooted phones   How to set up own VPN server in 10 minutes on Kali Linux using OpenVPN   Configuring The ProxyChains   Install Python3 in Kali Linux   TempoMail - Command Line Temporary Email in Linux   NIPE - Fully Anonymize Total Kali Linux System   How to Install Google Chrome & Chromium on Kali Linux [Official Method]   15 Best Laptops For Kali Linux & Cyber Security - Check This Before Buy   Volatolity - Digial Forensic Testing of RAM on Kali Linux   Limit the Internet Speed of LAN Users [Evil Limiter]   Find Virtual Machine IP Through Kali Linux - 3 Methods   Privilege Escalation with PowerShell Empire and SETOOLKIT [Kali Linux]   How to use kill, pkill and killall Commands to Kill any Linux Process   20 Useful Tar Commands For Extraction and Compression   Create a Fake AP with DNSMASQ and HOSTAPD [Kali Linux]   How to Fully Anonymize Your Linux System with Tor using Nipe   Hack Windows/Linux using ARCANUS Framework – 100% FUD   Simple and Target Mac Flooding - Kali Linux   Get Free Kali Linux on AWS with Public IP - Real Time Penetration Testing   What’s the difference Between Tails and Tor browser?   Does Tor Hide you From Your ISP? Should I surf internet using Tor ?   Wireshark for Pentester: Decrypting RDP Traffic   Exploit Wi-Fi Vulnerabilities with Routersploit on Termux and Linux   Man in The Middle Attack & How To Prevent it   Masscan - 1000 Times Faster Than NMAP   Wireshark - Shark in Wires | Network Protocol Analyzer in Kali Linux   Wifite - Easy Automated Wireless Attack   WiFi-Pumpkin 3 - Dangerous Access Point   Evil Twin Attack with DNSMASQ - Wireless WPA2-PSK Cracking   Sniffing with Rogue Access Point [DNSMASQ and TCPFLOW]   Hack Wi-Fi Settings of Windows Machine Remotely [After Meterpreter]   Wi-Fi deauthentication attack against 802.11 protocol   Bypass Hidden SSID in a Wireless Network [Full Proof Method]   Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat   Crack WPA2-PSK Wi-Fi with automated python script - FLUXION PART 1   Set Default Version of Python : [SOLVED] update-alternatives: error: no alternatives for p   Python Scripting: Information Gathering and Automating Ethical Hacking   15 Essential Meterpreter Commands Everyone Should Know   Find Vulnerable Webcams with Shodan [Metasploit Framework]   TCP & SYN Scanning with Metasploit Framework without NMAP   Meterpreter Useful Top 60 Commands List   The Web Application Hacker's Handbook 2   Hacking GPS Book   MadCam - Termux Hack Front camera by Sending link   How to Download Files In Termux   IPdrone Termux - Find Location of Person it IP in Termux   ReconDog Termux - Best Reconnaissance Tool For Termux   Termux SSH: Use Termux in Windows Using SSH Server   How to Install and Use Fsociety-Tool In Termux   Termux-YTD : Download Youtube Videos with Termux   Use CMatrix Package Like a Pro   L3MON - Access Android Devices Remotely   Hack Android using Metasploit over LAN/WAN   Ghost Framework - Control Android Devices Remotely   Top 10 Vulnerable Android Applications [Penetration Testing]   Find Hidden Subdomains on Any Website with Subfinder   Blind Sql Injection with Regular Expressions Attack   Useful Google Dorks For Bug Bounty Hunters   HTML5 Security CheatSheet - What your browser does when you look away...   30,000 Sites Is In RISK, The Plus Addons For Elementor WordPress Plugin Hacked   WPScan - Find Vulnerabilities in WordPress Websites on Kali Linux   Wapiti - Automated Vulnerability Scanner   Generate 100% FUD Backdoor with TheFatRat - Windows 10 Exploitation   TheFatRat hacking tool to create undetectable backdoors   How to Make a Keylogger in Python + Code   How to create a keylogger in PowerShell ?   Backdoor Program using Python (Remote Access Explain)   Man in the Middle Attack with Websploit Framework   Hack Windows 10 Remotely over WAN with Metasploit [No Port Forwarding]   15 Powerful Gadgets For Ethical Hackers | Hardware Tools for Hackers   Find Vulnerabilities using NMAP Scripts (NSE)   Free Vulnerability Database And Resources   Firefox Browser Vulnerable to (MITM) Man-in-the-Middle Attack   Find Vulnerabilities in Military Networks By Participating Hack The Army Bug Bounty Progr. 

x32x01

ADMINISTRATOR
In this article, we will learn how we can use Dirsearch. It is a simple command-line tool designed to brute force directories and files in websites. Which is a Python-based command-line website directory scanner designed to brute force site structure including directories and files.

Table of Content
  • Introduction to Dirsearch
  • Setup
  • Target URL
  • Save Output in Different Formats
  • No Colour
  • Quite mode
  • Normal scan vs Recursive scan
  • Post method
  • Delay request
  • Version scan
Introduction to Dirsearch
Dirsearch is a professional command-line method for the brute force of web server folders and files. It has now become the top Web content scanner with 6 years of success.

It provides users with the ability to explore complex web content as a feature-rich tool, with many wordlist vectors, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques and nice results.

It is a strong competitor in the directory scanner arena, with features such as multi-threading, proxy support, request latency, user agent randomization, and support for multiple extensions.

It is being actively developed by @maurosoria and @shelld3v.

Setup
It is a Python-written method used to brute-force web directories and files that are secret. It can run on Windows, Linux, and macOS, and provides a simple but powerful interface for the command line.

We are installing this tool in our kali, using the git-clone command to install Dirsearch web content scanner tool.
Code:
git clone https://github.com/maurosoria/dirsearch.git

1.png

After installing this tool, we need to navigate through its directories and search for dirsearch.py. Now, all we need just run this python written tool with [-h] parameter through this we can see all its parameter with their functions.
Code:
./dirsearch.py -h

2.png

Let’s get started

Target URL
We can use our web content scanner on a specific targeted URL with the help of [-u] parameter. To get appropriate results we need to make sure that it is an authenticated URL follow this command to get the desired results.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/

As we can see we got some web directories and web pages.

3.png

Save Output in Different Formats
We can save our output which we get from the attack in different-different formats to learn further from them. This parameter helps us to get through those details of these formats. Let’s explore them one by one.

Save output in Simple format
We can save our result in the simple format with the help of [–simple-report] parameter. Through this feature, we can better analyse the results which we got from this attack. Follow this command to proceed further.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --simple-report=report

4.png

After creating this report, we can cross verify its location in the system. Now use nano command to see this report.

5.png

As we can clearly see that our simple format result is successfully created. Now, we can analyse our results easily.

6.png

Save output in JSON format
JSON is an open standard file format and data exchange format that stores and transmits data objects consisting of attribute-value pairs and array data types using human-readable text. It is a very common data format with a wide variety of uses, such as being used in AJAX systems as a substitute for XML. With this method, we can build this kind of output result format by just following these commands.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --json-report=report

7.png

Similarly, as above we are using nano command to start analysing our result.

8.png

Save output in XML format
Extensible Mark-up Language (XML) is a mark-up language that specifies a collection of rules that are both human-readable and machine-readable to encode documents in a format. By using some commands, we can build our XML format result copy with this tool.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --xml-report=report

9.png

Similarly, as above we are using nano command to start analysing our result.

10.png

Save output in Markdown format
For creating formatted text using a plain-text editor, Markdown is a lightweight mark-up language. In 2004, John Gruber and Aaron Swartz created Markdown as a mark-up language that, in its source code form, appeals to human readers. We can build our markdown format result copy by using this command with this tool.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --markdown-report=report

11.png

Similarly, as above we are using nano command to start analysing our result.

12.png

Save Output in CSV format
A comma-separated value file is a delimited text file that separates values using a comma. A data record is any line of the file. Each record, separated by commas, consists of one or more fields. By using some commands, we can build our CSV result copy with this method.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --csv-report=report

13.png

Similarly, as above we are using nano command to start analysing our result.

14.png

Save output in Plain format
Simple text is a loose term for knowledge in computing that only represents characters of readable content, but not its graphical representation or other artefacts. It may also include a limited number of whitespace characters, such as spaces, line breaks, or tab characters, that affect the simple arrangement of text. By using some commands, we can create a plain text results copy with this method.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --plain-text-report=report

15.png

Similarly, as above we are using nano command to start analysing our result.

16.png

No Colour
If colours are bothering us from concentrating on our analysis or results. We can remove all the colours occurs in our results from the attack, by using [–no-colour] parameter we can achieve this function. Follow this command to get these results.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ --no-color

17.png

Quite Mode
Quite mode is used in a more hush-hush manner to run dirsearch. If you’re the type of person who doesn’t want a huge banner telling everybody what you’re doing on your system, you’ll like this choice. Basically, this allows for a cleaner screen as it executes the commands you send it, without the funny cow showing up on top.

Just use this [-q] parameter with this command to see the results
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ -q

18.png

Normal scan vs Recursive scan
The method of scanning everything in a folder, including subfolders, is known to all of us. We compare a normal scan against a recursive scan in this section.

Firstly, we only use the [-u] parameter in the normal scan to get through victim URLs. In order to begin this scan, follow this instruction.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/

19.1.png

Now, secondly, in the same command, when we use the parameter [-r] along with it. By just initiating this attack on the victim, it will help us go through each folder and its sub folders.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ -r

As we can see these results, with specific wording, it attaches some more results, such as added to the queue in the ongoing attack.

19.2.png

Now, after completing the usual scan for some time, it will go through each and every sub-folder for the recursive scan. As we can see clearly in this screenshot, it goes for the victim’s subfolders and tells us about our attack’s incomplete work.

19.3.png

Post method
We know that, for a given resource, HTTP defines a set of request methods to indicate the required action to be performed.

But in the post method, POST is an HTTP supported request method used by the World Wide Web. The POST request method, by design, requires a web server to accept the data enclosed in the request message body, most likely to store it. It normally works with the GET HTTP method, which is used in the name or value pair to append the form data to the URL. If you use GET, the URL length will remain restricted. This enables users to submit the result of the bookmark.

Now, we are exploring this other side with the help of [-m] parameter with this command.

As we can these results are different and unique in comparison to the GET request method which we performed earlier. It shows some different web pages and web directories.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ -m POST

20.png

Delay request
It just another normal scan with some specific delay between each and every request in our attack. These sort of things provide proper exposure of a particular request. We can achieve this feature with the help of [-s] parameter with specified time in seconds.
Code:
./dirsearch.py -u http://testphp.vulnweb.com/ -s 10

21.png

Version scan
As we all know that our dirsearch web content scanner is constantly being updating with the time. Some feature will add in the with the demand of time. We can use [–version] parameter to see that, if our tool is up to date or not.
Code:
./dirsearch.py --version

22.png

This is our first instalment in the series of Dirsearch’s Beginners Guide. Cantered on some of Dirsearch’s core functions. In this incredible method, stay tuned for more advance option.
 
Top