Category: Web Application Analysis. Tags: webscanner, bruteforce, directory, enumeration, dictionary

DIRB

DIRB is a Web Content Scanner that looks for existing and hidden web objects by launching dictionary-based attacks against web servers. It analyzes HTTP responses to identify directories, files, and other content.

Description

DIRB is a URL bruteforcing tool designed for professional web application auditing, particularly in security testing. It helps uncover web objects that generic CGI scanners miss, focusing on content discovery rather than vulnerability detection. The tool comes with preconfigured wordlists but supports custom ones, making it versatile for targeted scans.

Use cases include enumerating hidden directories and files on web servers during penetration testing. It covers gaps left by classic vulnerability scanners by specifically hunting for web objects through response analysis. DIRB is not a vulnerability scanner but excels at content discovery for further manual assessment.

The package includes supporting utilities like dirb-gendict for generating custom dictionaries and html2dic for extracting words from HTML files to build wordlists.

How It Works

DIRB launches dictionary-based attacks by sending HTTP requests for each word in the wordlist appended to the base URL. It analyzes server responses, particularly HTTP status codes and response sizes, to identify existing content. Features like fine-tuning 404 detection, handling redirects, and extension amplification allow precise identification of directories, files, and hidden objects.

Installation

```bash
sudo apt install dirb
```

Flags

- `-a <agent_string>`: Specify your custom USER_AGENT. (Default is: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)")
- `-b`: Don't squash or merge sequences of /../ or /./ in the given URL.
- `-c <cookie_string>`: Set a cookie for the HTTP request.
- `-E <certificate>`: Use the specified client certificate file.
- `-f`: Fine tuning of NOT_FOUND (404) detection.
- `-H <header_string>`: Add a custom header to the HTTP request.
- `-i`: Use case-insensitive search.
- `-l`: Print "Location" header when found.
- `-N <nf_code>`: Ignore responses with this HTTP code.
- `-o <output_file>`: Save output to disk.
- `-p <proxy[:port]>`: Use this proxy. (Default port is 1080)
- `-P <proxy_username:proxy_password>`: Proxy authentication.
- `-r`: Don't search recursively.
- `-R`: Interactive recursion. (Ask in which directories you want to scan)
- `-S`: Silent mode. Don't show tested words. (For dumb terminals)
- `-t`: Don't force an ending '/' on URLs.
- `-u <username:password>`: Username and password to use.
- `-v`: Show also non-existent pages.
- `-w`: Don't stop on WARNING messages.
- `-x <extensions_file>`: Amplify search with the extensions in this file.
- `-X <extensions>`: Amplify search with these extensions.
- `-z <millisecs>`: Delay between requests in milliseconds.
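On the defending side, the scanning behaviour described under "How It Works" (one request per wordlist entry, most of them answered with 404) and the default User-Agent listed for `-a` both leave a recognisable trace in a web server's access log. The following is an added example, not part of the original page or the DIRB project: a small Python detector that parses combined-format log lines (constructed here, not real data) and flags clients that either send the unmodified DIRB User-Agent or accumulate a high 404 ratio over many requests; the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
# Default User-Agent DIRB sends unless -a overrides it (taken from the flag list above).
DIRB_DEFAULT_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
                    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_content_scans(lines, min_requests=10, min_404_ratio=0.7):
    """Return {ip: summary} for clients whose traffic looks like dictionary probing: either the
    unmodified DIRB User-Agent, or a high share of 404s over many requests (one per missing word)."""
    per_ip = defaultdict(lambda: {"total": 0, "nf": 0, "ua_hit": False, "hits": []})
    for rec in filter(None, map(parse_line, lines)):
        s = per_ip[rec["ip"]]
        s["total"] += 1
        if rec["status"] == "404":
            s["nf"] += 1
        elif rec["status"] in ("200", "301", "302", "403"):
            s["hits"].append(rec["path"])  # what the scanner itself would report as existing
        if rec["ua"] == DIRB_DEFAULT_UA:
            s["ua_hit"] = True
    result = {}
    for ip, s in per_ip.items():
        ratio = s["nf"] / s["total"]
        if s["ua_hit"] or (s["total"] >= min_requests and ratio >= min_404_ratio):
            result[ip] = {"requests": s["total"], "not_found_ratio": round(ratio, 2),
                          "default_ua": s["ua_hit"], "discovered": sorted(set(s["hits"]))}
    return result

# Constructed sample log: one client walking a wordlist (mostly 404s, two existing paths) and one
# ordinary visitor. The trailing '/' on probed paths is DIRB's default behaviour (see -t).
SCAN_PATHS = ["/admin/", "/backup/", "/cgi-bin/", "/images/", "/old/", "/test/",
              "/tmp/", "/uploads/", "/config/", "/db/", "/logs/", "/private/"]
FOUND = {"/admin/": "200", "/images/": "403"}
SAMPLE_LOG = [
    f'10.0.0.5 - - [16/Apr/2026:10:00:{i:02d} +0000] "GET {p} HTTP/1.1" '
    f'{FOUND.get(p, "404")} {512 if p in FOUND else 196} "-" "{DIRB_DEFAULT_UA}"'
    for i, p in enumerate(SCAN_PATHS)
] + [
    '198.51.100.7 - - [16/Apr/2026:10:00:30 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [16/Apr/2026:10:00:31 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    for ip, summary in find_content_scans(SAMPLE_LOG).items():
        print(ip, summary)
```

The 404-ratio signal still fires when the User-Agent has been changed with `-a`, which is why the two checks are kept independent.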

Examples

Scan the web server (http://192.168.1.224/) for directories using a dictionary file (/usr/share/wordlists/dirb/common.txt):

```bash
dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt
```

Generate a dictionary incrementally with a numeric pattern, producing entries like thisword_0 to thisword_9:

```bash
dirb-gendict -n thisword_X
```

Generate a dictionary incrementally with a lowercase character pattern:

```bash
dirb-gendict -c thisword_X
```

Generate a dictionary incrementally with an uppercase character pattern:

```bash
dirb-gendict -C thisword_X
```

Generate a dictionary incrementally with a hexadecimal pattern:

```bash
dirb-gendict -h thisword_X
```

Generate a dictionary incrementally with an alphanumeric pattern:

```bash
dirb-gendict -a thisword_X
```

Dump a word dictionary from an HTML input file, extracting all words to stdout:

```bash
html2dic <file>
```
Updated 2026-04-16. Source: kali.org