View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004472 | Kali Linux | [All Projects] Queued Tool Addition | public | 2018-01-12 12:53 | 2021-08-13 13:00 |
Reporter | coloboslexx | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | acknowledged | Resolution | open | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0004472: dirsearch - designed to brute force directories and files in webservers. | ||||
Description | Search showed that there were no related tickets, sorry if this tool was already discussed. Please, add dirsearch (https://github.com/maurosoria/dirsearch) tool to Kali repos. This tool has a lot of pros over current similar tools in Kali repos:
- it is multithreaded compared to dirb;
- it also supports file extensions;
- it has a progress bar compared to gobuster, allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it supports custom headers, cookies, user-agents, proxy, can follow redirects;
- it can create reports in a user-friendly manner or in json (easy to parse to other tools/scripts). | ||||
has duplicate | 0006828 | closed | Dirsearch - a brute force directories and files in webservers. |
|
This tool works well and it works fast. It would make a good addition to the distro. |
|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added? --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it? |
|
- [Name] - dirsearch
- [Version] - Current Release: v0.3.8 (2017.07.25)
- [Homepage] - https://github.com/maurosoria/dirsearch
- [Download] - https://github.com/maurosoria/dirsearch
- [Author] - maurosoria
- [Licence] - GNU General Public License, version 2
- [Description] - dirsearch is a simple command line tool designed to brute force directories and files in websites.
- [Dependencies] - python3
- [Similar tools] - gobuster, dirb, dirbuster
- [How to install] - no need to compile
- [How to use] - The basic usage for dirsearch is as follows:

    $ python3 dirsearch.py -u https://secure.site.com -e php -w db/dirbuster/directory-list-2.3-medium.txt -x 403
    $ python3 dirs3arch.py -u http://xyz.com/ -e php,html -t 5 -w db/dirbuster/directory-list-2.3-medium.txt -x 403 2>&1 | tee results1.txt |
|
I want to add some other basic commands:

Recursively scan php in /, /admin/ and /includes/

    python3 dirsearch.py -u http://example.com -e php --scan-subdir ",admin,includes"

Using delays:

    python3 dirsearch.py -u http://example.com -e php --delay 0.2

Setting Cookies, random User Agents, headers and Proxies:

    python3 dirsearch.py -u http://example.com -e php --cookie "PHPSESSID=123456" --random-agents --header "X-Forwarded-For: 127.0.0.1" --headers "admin=1" --http-proxy "http://127.0.0.1:8080"

Here is the --help :

    Usage: dirsearch [-u|--url] target [-e|--extensions] extensions [options]

    Options:
      -h, --help
          show this help message and exit

      Mandatory:
        -u URL, --url=URL
            URL target
        -L URLLIST, --url-list=URLLIST
            URL list target
        -e EXTENSIONS, --extensions=EXTENSIONS
            Extension list separated by comma (Example: php,asp)

      Dictionary Settings:
        -w WORDLIST, --wordlist=WORDLIST
        -l, --lowercase
        -f, --force-extensions
            Force extensions for every wordlist entry (like in DirBuster)

      General Settings:
        -s DELAY, --delay=DELAY
            Delay between requests (float number)
        -r, --recursive
            Bruteforce recursively
        --suppress-empty, --suppress-empty
        --scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
            Scan subdirectories of the given -u|--url (separated by comma)
        --exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
            Exclude the following subdirectories during recursive scan (separated by comma)
        -t THREADSCOUNT, --threads=THREADSCOUNT
            Number of Threads
        -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
            Exclude status code, separated by comma (example: 301, 500)
        -c COOKIE, --cookie=COOKIE
        --ua=USERAGENT, --user-agent=USERAGENT
        -F, --follow-redirects
        -H HEADERS, --header=HEADERS
            Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE"
        --random-agents, --random-user-agents

      Connection Settings:
        --timeout=TIMEOUT
            Connection timeout
        --ip=IP
            Resolve name to IP address
        --proxy=HTTPPROXY, --http-proxy=HTTPPROXY
            Http Proxy (example: localhost:8080
        --max-retries=MAXRETRIES
        -b, --request-by-hostname
            By default dirsearch will request by IP for speed. This forces requests by hostname

      Reports:
        --simple-report=SIMPLEOUTPUTFILE
            Only found paths
        --plain-text-report=PLAINTEXTOUTPUTFILE
            Found paths with status codes
        --json-report=JSONOUTPUTFILE |
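
A defender's view of the scans these options produce, as an added example that is not part of the original issue or of dirsearch: because `--random-agents` rotates the User-Agent and `--delay` lowers the request rate, the check below keys on the client address and on the share of distinct 404 paths rather than on User-Agent or requests per second. The Combined Log Format, the thresholds, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed): ip - - [time] "METHOD path proto" status size "ref" "ua"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_enumerators(lines, min_missing=5, min_ratio=0.7):
    """Return {client_ip: (requests, distinct_404_paths)} for clients whose
    traffic is dominated by requests for paths that do not exist.
    Thresholds are illustrative assumptions, not tuned values."""
    total = defaultdict(int)
    missing = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, _method, path, status = m.groups()
        total[ip] += 1
        if status == "404":
            missing[ip].add(path.split("?", 1)[0])  # query string is irrelevant
    return {ip: (total[ip], len(paths)) for ip, paths in missing.items()
            if len(paths) >= min_missing and len(paths) / total[ip] >= min_ratio}

def _line(ip, path, status, ua):
    """Build one constructed access-log line for the sample below."""
    return (f'{ip} - - [12/Jan/2018:12:53:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

# Constructed sample: one client probing wordlist-style paths with a different
# User-Agent on every request, and one ordinary visitor with a single 404.
SAMPLE = [_line("203.0.113.7", p, s, f"UA-{i}") for i, (p, s) in enumerate([
    ("/admin.php", 404), ("/backup.php", 404), ("/config.php", 404),
    ("/login.php", 200), ("/test.php", 404), ("/upload.php", 404),
    ("/includes/", 403), ("/db.php", 404)])]
SAMPLE += [_line("198.51.100.20", p, s, "Mozilla/5.0") for p, s in [
    ("/", 200), ("/style.css", 200), ("/favicon.ico", 404), ("/about", 200)]]

if __name__ == "__main__":
    for ip, (reqs, paths) in find_enumerators(SAMPLE).items():
        print(f"{ip}: {paths} distinct 404 paths in {reqs} requests")
```
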
|
So what can this tool do that gobuster (https://github.com/OJ/gobuster) can't? What makes it stand out? |
|
Compared to gobuster:
- it supports custom headers;
- it has recursive mode, even can scan only particular subdirs;
- it supports delays, custom timeouts;
- it has a progress bar compared to gobuster, allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it can create reports in a user-friendly manner or in json (easy to parse to other tools/scripts). |
|
@kali-team, please could this be packaged up. @author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
Date Modified | Username | Field | Change |
---|---|---|---|
2018-01-12 12:53 | coloboslexx | New Issue | |
2018-01-18 20:45 | dookie | Note Added: 0007830 | |
2018-01-29 14:51 | g0tmi1k | Note Added: 0008381 | |
2018-01-30 09:18 | coloboslexx | Note Added: 0008564 | |
2018-02-10 16:25 | maurosoria | Note Added: 0008649 | |
2018-02-12 09:44 | g0tmi1k | Note Added: 0008658 | |
2018-02-12 10:10 | coloboslexx | Note Added: 0008659 | |
2020-01-06 13:25 | g0tmi1k | Summary | dirsearch tool request => dirsearch |
2020-02-10 13:37 | g0tmi1k | Note Added: 0012061 | |
2020-02-10 13:37 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
2020-02-13 14:23 | g0tmi1k | Status | new => acknowledged |
2020-06-17 14:57 | g0tmi1k | Severity | feature => minor |
2020-12-01 11:05 | g0tmi1k | Summary | dirsearch => dirsearch - designed to brute force directories and files in webservers. |
2021-08-13 13:00 | g0tmi1k | Relationship added | has duplicate 0006828 |