2018-04-24 12:28 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0004472Kali Linux[All Projects] New Tool Requestspublic2018-02-25 23:35
Reportercoloboslexx 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusnewResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004472: dirsearch tool request
DescriptionSearch showed that there were no related tickets, sorry if this tool was already discussed.

Please, add dirsearch (https://github.com/maurosoria/dirsearch) tool to Kali repos. This tool has a lot of pros over current similar tools in Kali repos:
- it is multithreaded comparing to dirb;
- it also supports file extensions;
- it has a progress bar comparing to gobuster allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it supports custom headers, cookies, user-agents, proxy, can follow redirects;
- it can create reports in user-friendly manner or in json (easy to parse to other tools/scripts).
Attached Files

-Relationships
+Relationships

-Notes

~0007830

dookie (administrator)

This tool works well and it works fast. It would make a good addition to the distro.

~0008381

g0tmi1k (administrator)

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?

~0008564

coloboslexx (reporter)

- [Name] - dirsearch
- [Version] - Current Release: v0.3.8 (2017.07.25)
- [Homepage] - https://github.com/maurosoria/dirsearch
- [Download] - https://github.com/maurosoria/dirsearch
- [Author] - maurosoria
- [Licence] - GNU General Public License, version 2
- [Description] - dirsearch is a simple command line tool designed to brute force directories and files in websites.
- [Dependencies] - python3
- [Similar tools] - gobuster, dirb, dirbuster
- [How to install] - no need to compile
- [How to use] - The basic usage for dirsearch is as follows:
$ python3 dirsearch.py -u https://secure.site.com -e php -w db/dirbuster/directory-list-2.3-medium.txt -x 403
$ python3 dirs3arch.py -u http://xyz.com/ -e php,html -t 5 -w db/dirbuster/directory-list-2.3-medium.txt -x 403 2>&1 | tee results1.txt

~0008649

maurosoria (reporter)

I want to add some other basic commands:


Recursirvely scan php in /, /admin/ and /includes/

python3 dirsearch.py -u http://example.com -e php --scan-subdir ",admin,includes"

Using delays:
python3 dirsearch.py -u http://example.com -e php --delay 0.2

Settings Cookies, random User Agents, headers and Proxies:

python3 dirsearch.py -u http://example.com -e php --cookie "PHPSESSID=123456" --random-agents --header "X-Forwarded-For: 127.0.0.1" --headers "admin=1" --http-proxy "http://127.0.0.1:8080"








Here is the --help :


Usage: dirsearch [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help show this help message and exit

  Mandatory:
    -u URL, --url=URL URL target
    -L URLLIST, --url-list=URLLIST
                        URL list target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by comma (Example: php,asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase
    -f, --force-extensions
                        Force extensions for every wordlist entry (like in
                        DirBuster)

  General Settings:
    -s DELAY, --delay=DELAY
                        Delay between requests (float number)
    -r, --recursive Bruteforce recursively
    --suppress-empty, --suppress-empty
    --scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
                        Scan subdirectories of the given -u|--url (separated
                        by comma)
    --exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by comma)
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    -c COOKIE, --cookie=COOKIE
    --ua=USERAGENT, --user-agent=USERAGENT
    -F, --follow-redirects
    -H HEADERS, --header=HEADERS
                        Headers to add (example: --header "Referer:
                        example.com" --header "User-Agent: IE"
    --random-agents, --random-user-agents

  Connection Settings:
    --timeout=TIMEOUT Connection timeout
    --ip=IP Resolve name to IP address
    --proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES
    -b, --request-by-hostname
                        By default dirsearch will request by IP for speed.
                        This forces requests by hostname

  Reports:
    --simple-report=SIMPLEOUTPUTFILE
                        Only found paths
    --plain-text-report=PLAINTEXTOUTPUTFILE
                        Found paths with status codes
    --json-report=JSONOUTPUTFILE

~0008658

g0tmi1k (administrator)

So what can this tool do that gobuster (https://github.com/OJ/gobuster) can't?
What makes it stand out?

~0008659

coloboslexx (reporter)

Comparing to gobuster:
- it supports custom headers;
- it has recursive mode, even can scan only particular subdirs;
- it supports delays, custom timeouts;
- it has a progress bar comparing to gobuster allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it can create reports in user-friendly manner or in json (easy to parse to other tools/scripts).
+Notes

-Issue History
Date Modified Username Field Change
2018-01-12 12:53 coloboslexx New Issue
2018-01-18 20:45 dookie Note Added: 0007830
2018-01-29 14:51 g0tmi1k Note Added: 0008381
2018-01-30 09:18 coloboslexx Note Added: 0008564
2018-02-10 16:25 maurosoria Note Added: 0008649
2018-02-12 09:44 g0tmi1k Note Added: 0008658
2018-02-12 10:10 coloboslexx Note Added: 0008659
+Issue History