dirsearch
by maurosoria
dirsearch is an advanced Python-based web path brute-forcer designed for discovering hidden directories and files on web servers.
Web path scanner
Primary Use Case
This tool is primarily used by security professionals, penetration testers, and red teamers to identify potential attack vectors on web applications by uncovering sensitive or misconfigured directories and files. It helps in mapping the attack surface of a web application, revealing hidden administration panels, backup files, or exposed configuration settings.
- Advanced web path brute-forcing
- Support for various wordlist formats
- Recursive scanning capabilities
- Asynchronous request handling for speed
- Proxy support
- Customizable filters and blacklists
- Report generation
- Docker support
Installation
- Ensure Python 3.9 or higher is installed.
- Clone the repository: `git clone https://github.com/maurosoria/dirsearch.git --depth 1`
- Alternatively, download the ZIP file from the releases page.
- Install via PyPi: `pip3 install dirsearch` or `pip install dirsearch`
- Build Docker image: `docker build -t "dirsearch:v0.4.3" .`
Usage
>_ dirsearch -u <target_url>Simple usage to scan a target URL.
>_ dirsearch -u <target_url> -e php,htmlScan with specific extensions.
>_ dirsearch -u <target_url> -w wordlist.txtUse a custom wordlist.
>_ dirsearch -u <target_url> -fForce extensions to be appended to every word in the wordlist.
>_ dirsearch -u <target_url> -rEnable recursive scanning of sub-directories.
>_ dirsearch -u <target_url> -t 100Set the number of threads to 100.
>_ dirsearch -u <target_url> --proxy http://127.0.0.1:8080Use a proxy for requests.
>_ dirsearch -u <target_url> --report report.htmlGenerate an HTML report.
>_ dirsearch -u <target_url> --exclude-extensions .log,.jsonExclude specific file extensions from the scan.
- Integrate dirsearch scans into CI/CD pipelines to detect exposed endpoints early in development.
- Combine dirsearch with automated exploitation frameworks like Metasploit for streamlined red team workflows.
- Use recursive scanning and custom wordlists to uncover deeply nested or obscure web paths.
- Leverage report generation and pause/resume features to manage long-running scans efficiently during assessments.
- Deploy dirsearch in containerized environments to standardize testing across teams and reduce setup complexity.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about dirsearch. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
PayloadsAllTheThings
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
hoppscotch
hoppscotch/hoppscotch
Open source API development ecosystem - https://hoppscotch.io (open-source alternative to Postman, Insomnia)
ImHex
WerWolv/ImHex
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
termux-app
termux/termux-app
Termux - a terminal emulator application for Android OS extendible by variety of packages.
sentry
getsentry/sentry
Developer-first error tracking and performance monitoring
CheatSheetSeries
OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.