dirb is a command-line tool used for brute-forcing directories and file names on web servers. It helps in discovering hidden content that isn’t directly linked to on a website.
Common dirb Options:
- -r (Recursive): Scans directories recursively. If a directory is found, Dirb will continue scanning within that directory.
- -v (Verbose): Outputs all results, including responses that aren’t typically displayed.
- -X (Extensions): Adds extensions to the list of items being brute-forced. For example, php,html will search for files like index.php and index.html.
- -p (Proxy): Allows Dirb to route its requests through a proxy.
Examples of dirb Commands:
- Basic scan of a target website:
> dirb http://example.com
- Using a specific wordlist to scan the website:
> dirb http://example.com /usr/share/wordlists/dirb/common.txt
- Scan with specific file extensions (e.g., .php and .html):
> dirb http://example.com -X .php,.html
- Perform a recursive scan:
> dirb http://example.com -r
- Verbose output for more details on the scan:
> dirb http://example.com -v
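
On the server side, scans like the ones above appear in the access log as one client requesting many distinct paths, mostly answered with 404, often with the same base name tried under several extensions (the -X pattern). The following detection sketch is an added example, not part of the original page or of dirb; it assumes common/combined log format, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: client IP, request path, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def build_sample_log():
    """Constructed sample log (documentation IP ranges, not real traffic)."""
    words = ["admin", "backup", "config", "index", "login", "old", "test", "upload"]
    lines = []
    for i, w in enumerate(words):
        for j, ext in enumerate((".php", ".html")):
            status = 200 if (w, ext) == ("index", ".php") else 404
            lines.append(f'203.0.113.7 - - [01/Jan/2024:10:00:{i*2+j:02d} +0000] '
                         f'"GET /{w}{ext} HTTP/1.1" {status} 512')
    lines.append('198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048')
    lines.append('198.51.100.20 - - [01/Jan/2024:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0')
    return lines

def find_bruteforce_clients(lines, min_requests=10, min_404_ratio=0.8, min_ext_stems=3):
    """Return {ip: stats} for clients whose requests look like wordlist enumeration."""
    paths, misses, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2).split("?")[0], m.group(3)
        total[ip] += 1
        paths[ip].add(path)
        misses[ip] += status == "404"
    flagged = {}
    for ip, n in total.items():
        stems = defaultdict(set)  # base path -> extensions tried for it
        for p in paths[ip]:
            stem, dot, ext = p.rpartition(".")
            if dot and "/" not in ext:
                stems[stem].add(ext)
        multi = sum(1 for exts in stems.values() if len(exts) > 1)
        ratio = misses[ip] / n
        if n >= min_requests and ratio >= min_404_ratio and multi >= min_ext_stems:
            flagged[ip] = {"requests": n, "ratio_404": round(ratio, 2), "multi_ext_stems": multi}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_bruteforce_clients(build_sample_log()).items():
        print(ip, stats)
```

The thresholds need tuning against normal traffic for the site, and a scan routed through a proxy (-p) will show the proxy's address as the client.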