
dirb
Phase(s):
Primary: Discovery.
Secondary: N/A.
Description:
Tool that performs an automated web content scan of an application by sending requests built from a data dictionary (wordlist) and analyzing the responses, with the objective of enumerating the files and directories present on the web application.
Objective:
- Identify resources present inside the web applications such as: configuration files, administration pages, test pages, etc.
Features:
Supported technologies: Web applications (HTTP/HTTPS).
Operating mode: Active.
- Web content detection.
- Provides default data dictionaries for several technologies such as Apache, SharePoint, Tomcat, WebLogic, etc.
- Provides functionality to create custom data dictionaries.
- Support for proxies with or without authentication.
Reports:
Output reports: ✔
Plain text file that saves the following information:
- Scanning configuration options
- List of resources detected.
Basic usage:
Perform a web content scan inside the application. The following command initiates the scan:
./dirb http://sitio.com/aplicación/ wordlists/common.txt,wordlists/vulns/jrun.txt,wordlists/vulns/apache.txt -X ,.php,.html,.htm -o scan_dirb.txt
Where:
- URL: Web application to be scanned.
- Data dictionaries: Required data dictionaries to be included in the scan.
- -X: Extension configuration: comma-separated extensions to be appended to each data dictionary word (the leading empty entry in the example keeps the bare word as well).
- -o: Export file name.
The tool will display the scanning details:
-----------------
DIRB v2.03
By The Dark Raver
-----------------
OUTPUT_FILE: ./scan_dirb.txt
START_TIME: Tue Oct 22 16:11:50 2013
URL_BASE: http://sitio.com/aplicacion
WORDLIST_FILES: wordlists/common.txt,wordlists/vulns/jrun.txt,wordlists/vulns/apache.txt
OPTION: Fine tunning of NOT_FOUND detection
EXTENSIONS_LIST: (,.php,.html,.htm) | ()(.php)(.html)(.htm) [NUM = 4]
-----------------
GENERATED WORDS: 1972
Then, it will begin the scan on the web application using the specified data dictionaries. As the scan progresses, the tool displays each resource it detects.
---- Scanning URL:
+ /Home.php
(FOUND: 200 [Ok] - Size: 189)
+ /Images/
==> DIRECTORY
Finally, the tool will display the scan results, which contain the number of word combinations used and the number of matching resources found inside the web application.
-----------------
DOWNLOADED: 7888 - FOUND: 26
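The report fragments shown above can be parsed for triage. This is an added example, not part of dirb or of the original page: the names `parse_report` and `expected_requests` are hypothetical and the sample text is constructed from the lines on this page. It also checks that DOWNLOADED equals GENERATED WORDS multiplied by the number of extension variants, which holds for the figures shown here.

```python
import re

# Added example (not dirb code). Constructed sample: the report fragments shown on this page.
SAMPLE_REPORT = """\
OUTPUT_FILE: ./scan_dirb.txt
START_TIME: Tue Oct 22 16:11:50 2013
URL_BASE: http://sitio.com/aplicacion
WORDLIST_FILES: wordlists/common.txt,wordlists/vulns/jrun.txt,wordlists/vulns/apache.txt
EXTENSIONS_LIST: (,.php,.html,.htm) | ()(.php)(.html)(.htm) [NUM = 4]
GENERATED WORDS: 1972
---- Scanning URL:
+ /Home.php
(FOUND: 200 [Ok] - Size: 189)
+ /Images/
==> DIRECTORY
DOWNLOADED: 7888 - FOUND: 26
"""

HEADER = re.compile(r"^([A-Z_ ]+): (.*)$")
FOUND = re.compile(r"\(FOUND: (\d{3}) \[(.*?)\] - Size: (\d+)\)")
TOTALS = re.compile(r"^DOWNLOADED: (\d+) - FOUND: (\d+)$")

def parse_report(text):
    """Return (meta, hits): header fields and one dict per detected resource."""
    meta, hits = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("+ "):                      # a detected resource
            hits.append({"path": line[2:], "kind": "file", "status": None, "size": None})
        elif line.startswith("==> DIRECTORY") and hits:
            hits[-1]["kind"] = "directory"             # qualifies the previous "+" line
        elif (m := FOUND.search(line)) and hits:
            hits[-1]["status"], hits[-1]["size"] = int(m.group(1)), int(m.group(3))
        elif m := TOTALS.match(line):
            meta["DOWNLOADED"], meta["FOUND"] = int(m.group(1)), int(m.group(2))
        elif m := HEADER.match(line):
            meta[m.group(1)] = m.group(2)
    return meta, hits

def expected_requests(meta):
    """Generated words multiplied by the number of extension variants ([NUM = n])."""
    variants = int(re.search(r"\[NUM = (\d+)\]", meta["EXTENSIONS_LIST"]).group(1))
    return int(meta["GENERATED WORDS"]) * variants

if __name__ == "__main__":
    meta, hits = parse_report(SAMPLE_REPORT)
    for hit in hits:
        print(hit["kind"], hit["path"], hit["status"], hit["size"])
    print("requests expected:", expected_requests(meta), "reported:", meta["DOWNLOADED"])
```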
Resources:
Link: http://dirb.sf.net
Author(s): The Dark Raver
Contact: darkraver [at] open-labs.org
License: GNU GENERAL PUBLIC LICENSE Version 2