View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004472Kali Linux[All Projects] Queued Tool Additionpublic2018-01-12 12:532021-08-13 13:00
Reportercoloboslexx Assigned To 
PrioritynormalSeverityminorReproducibilityN/A
Status acknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004472: dirsearch - designed to brute force directories and files in webservers.
DescriptionSearch showed that there were no related tickets, sorry if this tool was already discussed.

Please, add dirsearch (https://github.com/maurosoria/dirsearch) tool to Kali repos. This tool has a lot of pros over current similar tools in Kali repos:
- it is multithreaded comparing to dirb;
- it also supports file extensions;
- it has a progress bar comparing to gobuster allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it supports custom headers, cookies, user-agents, proxy, can follow redirects;
- it can create reports in user-friendly manner or in json (easy to parse to other tools/scripts).

Relationships

has duplicate 0006828 closed Dirsearch - a brute force directories and files in webservers. 

Activities

dookie

2018-01-18 20:45

reporter   ~0007830

This tool works well and it works fast. It would make a good addition to the distro.

g0tmi1k

2018-01-29 14:51

administrator   ~0008381

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?

coloboslexx

2018-01-30 09:18

reporter   ~0008564

- [Name] - dirsearch
- [Version] - Current Release: v0.3.8 (2017.07.25)
- [Homepage] - https://github.com/maurosoria/dirsearch
- [Download] - https://github.com/maurosoria/dirsearch
- [Author] - maurosoria
- [Licence] - GNU General Public License, version 2
- [Description] - dirsearch is a simple command line tool designed to brute force directories and files in websites.
- [Dependencies] - python3
- [Similar tools] - gobuster, dirb, dirbuster
- [How to install] - no need to compile
- [How to use] - The basic usage for dirsearch is as follows:
$ python3 dirsearch.py -u https://secure.site.com -e php -w db/dirbuster/directory-list-2.3-medium.txt -x 403
$ python3 dirs3arch.py -u http://xyz.com/ -e php,html -t 5 -w db/dirbuster/directory-list-2.3-medium.txt -x 403 2>&1 | tee results1.txt

maurosoria

2018-02-10 16:25

reporter   ~0008649

I want to add some other basic commands:


Recursirvely scan php in /, /admin/ and /includes/

python3 dirsearch.py -u http://example.com -e php --scan-subdir ",admin,includes"

Using delays:
python3 dirsearch.py -u http://example.com -e php --delay 0.2

Settings Cookies, random User Agents, headers and Proxies:

python3 dirsearch.py -u http://example.com -e php --cookie "PHPSESSID=123456" --random-agents --header "X-Forwarded-For: 127.0.0.1" --headers "admin=1" --http-proxy "http://127.0.0.1:8080"








Here is the --help :


Usage: dirsearch [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help show this help message and exit

  Mandatory:
    -u URL, --url=URL URL target
    -L URLLIST, --url-list=URLLIST
                        URL list target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by comma (Example: php,asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase
    -f, --force-extensions
                        Force extensions for every wordlist entry (like in
                        DirBuster)

  General Settings:
    -s DELAY, --delay=DELAY
                        Delay between requests (float number)
    -r, --recursive Bruteforce recursively
    --suppress-empty, --suppress-empty
    --scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
                        Scan subdirectories of the given -u|--url (separated
                        by comma)
    --exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by comma)
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    -c COOKIE, --cookie=COOKIE
    --ua=USERAGENT, --user-agent=USERAGENT
    -F, --follow-redirects
    -H HEADERS, --header=HEADERS
                        Headers to add (example: --header "Referer:
                        example.com" --header "User-Agent: IE"
    --random-agents, --random-user-agents

  Connection Settings:
    --timeout=TIMEOUT Connection timeout
    --ip=IP Resolve name to IP address
    --proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES
    -b, --request-by-hostname
                        By default dirsearch will request by IP for speed.
                        This forces requests by hostname

  Reports:
    --simple-report=SIMPLEOUTPUTFILE
                        Only found paths
    --plain-text-report=PLAINTEXTOUTPUTFILE
                        Found paths with status codes
    --json-report=JSONOUTPUTFILE

g0tmi1k

2018-02-12 09:44

administrator   ~0008658

So what can this tool do that gobuster (https://github.com/OJ/gobuster) can't?
What makes it stand out?

coloboslexx

2018-02-12 10:10

reporter   ~0008659

Comparing to gobuster:
- it supports custom headers;
- it has recursive mode, even can scan only particular subdirs;
- it supports delays, custom timeouts;
- it has a progress bar comparing to gobuster allowing to estimate time and understand whether the tool is working or just not responding (met such situation several times with gobuster);
- it can create reports in user-friendly manner or in json (easy to parse to other tools/scripts).

g0tmi1k

2020-02-10 13:37

administrator   ~0012061

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Issue History

Date Modified Username Field Change
2018-01-12 12:53 coloboslexx New Issue
2018-01-18 20:45 dookie Note Added: 0007830
2018-01-29 14:51 g0tmi1k Note Added: 0008381
2018-01-30 09:18 coloboslexx Note Added: 0008564
2018-02-10 16:25 maurosoria Note Added: 0008649
2018-02-12 09:44 g0tmi1k Note Added: 0008658
2018-02-12 10:10 coloboslexx Note Added: 0008659
2020-01-06 13:25 g0tmi1k Summary dirsearch tool request => dirsearch
2020-02-10 13:37 g0tmi1k Note Added: 0012061
2020-02-10 13:37 g0tmi1k Category New Tool Requests => Queued Tool Addition
2020-02-13 14:23 g0tmi1k Status new => acknowledged
2020-06-17 14:57 g0tmi1k Severity feature => minor
2020-12-01 11:05 g0tmi1k Summary dirsearch => dirsearch - designed to brute force directories and files in webservers.
2021-08-13 13:00 g0tmi1k Relationship added has duplicate 0006828