We are covering a dirsearch tutorial in this post. It is a simple command-line, Python-based website directory/path scanner which can brute-force any targeted site for its directories and files. This is a very common job in pentesting, and dirsearch does this job much faster than the traditional DIRB. It is a must-have tool on our Kali Linux machine.
Now, with Kali Linux 2021.2, dirsearch comes pre-installed with the kali-linux-full image, or we can download it by applying the following command:
sudo apt install dirsearch -y
After installing it, we can check the help options of dirsearch by using the following command:
The above command will show us the help menu of dirsearch, as we can see in the following screenshot:
Now it's time to use dirsearch. As an example, we assume that google.com is our target and we need to check its directories and files. We use the following command:
dirsearch -u google.com -e aspx,php
Here we look only for php and aspx files, and we have specified our target URL using the -u flag.
After running the above command, we can see that dirsearch has started its work, as shown in the following screenshot:
The scan time depends on the size of our target website. When it has finished, we can see a "Task Completed" message on our terminal, as shown in the following screenshot:
In the above screenshot we can see that dirsearch searched for tons of paths and directories on our target website. We might find a suspicious or sensitive page here, but a good bounty hunter or pen tester will gather more information about every location or manually check everything.
Vulnerabilities can be anywhere.
Dirsearch also saves the generated output file in a text format (plain, json, xml, md, csv); the default format is txt. We can see the path of the saved output near the top of the terminal output (we need to scroll up), as shown in the following screenshot:
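A scan like the one above requests a large number of paths, most of which do not exist, so on the server side it shows up as one client producing many distinct paths with a high share of 404 responses. The following is an added example, not part of the original post or of dirsearch itself, that flags such clients in a web server access log; the log lines, the "combined" log format and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2021:10:00:01 +0000] "GET /admin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:10:00:01 +0000] "GET /backup.aspx HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:10:00:02 +0000] "GET /config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:10:00:02 +0000] "GET /login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:10:00:03 +0000] "GET /test.aspx HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2021:10:00:03 +0000] "GET /uploads/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2021:10:00:06 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2021:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
this line is not an access log entry
"""

# Client IP, request method, request path and status code of one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_path_scanners(log_text, min_paths=5, min_miss_ratio=0.8):
    """Return {ip: (distinct_paths, miss_ratio)} for clients that look like path brute-forcers."""
    paths = defaultdict(set)    # distinct paths requested per client
    total = defaultdict(int)    # total requests per client
    misses = defaultdict(int)   # 404 responses per client
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, path = m["ip"], m["path"].split("?", 1)[0]  # ignore query strings
        paths[ip].add(path)
        total[ip] += 1
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip in total:
        ratio = misses[ip] / total[ip]
        if len(paths[ip]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(paths[ip]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_path_scanners(SAMPLE_LOG))
```

On real logs the thresholds need tuning per site, and the counts should be taken over a time window rather than the whole file.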
This is how we can search for hidden and sensitive directories using dirsearch on our Kali Linux system. Dirsearch is faster than the infamous tool DIRB.