Dirs3arch - HTTP(S) Directory/File Brute Forcer | KitPloit - PenTest Tools for your Security Arsenal!



Monday, July 14, 2014

on
dirs3arch is a simple command line tool designed to brute force directories and files in websites.

Features
  • Keep alive connections
  • Multithreaded
  • Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc).
  • Recursive brute forcing

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   URL target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extensions list separated by comma (Example: php, asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase

  General Settings:
    -r, --recursive     Bruteforce recursively
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    --cookie=COOKIE, --cookie=COOKIE
    --user-agent=USERAGENT, --user-agent=USERAGENT
    --no-follow-redirects, --no-follow-redirects

  Connection Settings:
    --timeout=TIMEOUT, --timeout=TIMEOUT
                        Connection timeout
    --ip=IP, --ip=IP    Destination IP (instead of resolving domain, use this
                        ip)
    --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES, --max-retries=MAXRETRIES

  Reports:
    -o OUTPUTFILE, --output=OUTPUTFILE
    --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE


Subscribe via e-mail for updates!