Comprehensive Guide on Dirsearch (Part 2)
- Aryan Ahirwar
 - Feb 13, 2021
 
This is the second instalment of our comprehensive guide series on dirsearch. In the first part of this series, we discussed some basic dirsearch commands. If you haven't checked the first part yet, you can learn these features from here. In this part, we will explore some more options of this command-line tool.
Table of Content
URL Attack
Full URL
Exclude Status Codes
Minimal Size
Maximal Size
Random Agent
Include Status Code
Suffixes
Prefixes
Threads
Only Selected
Remove Extensions
Upper Case Directories
Lower Case Directories
Capital Letter Directories
Exclude Text
Exclude Sizes
URL Attack
Firstly, we take a simple URL attack as our reference. With the help of the [-u] parameter, we can point our web content scanner at a particular target URL. To get the desired results, the command must be accompanied by an authenticated URL.
./dirsearch.py -u http://testphp.vulnweb.com/
As we can see, we got some web directories and web pages. In this screenshot, we have highlighted a few things: the default extensions [php, aspx, jsp, html, js], the default HTTP method [GET], the default threads [30] and the default wordlist size [10832]. These settings play a crucial role in our directory attack, and we will be taking them as a reference from time to time in our attack.

Full URL
Sometimes the results of these directory attacks can be confusing. To clear up this confusion, we have a separate parameter called [--full-url]. This parameter helps us go through the results with ease.
./dirsearch.py -u http://testphp.vulnweb.com/ --full-url
As we can see from these results, we now get the full URL details.

Exclude Status Code
We know that all HTTP response status codes are segregated into five groups or divisions. The first digit of the status code determines the response class, while the last two digits have no classifying or categorizing function.
There are five classes defined by the standard.

We can exclude a status code with the parameter called [-x]. Through this feature, we can remove the unwanted codes and get only those statuses that we want in our attack schedule.
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301
We can also exclude more than one status code by separating them with a comma [,].
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301,302,403
As we can see in our results for this attack, we only get the successful ones due to our parameter.

Minimal Size
Sometimes a website has lots of small files. These files are of no use to us for offensive purposes, so this tool gives us the power to eliminate them with the [--minimal] parameter. We just need to specify, in bytes, the size that we don't want in our results.
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301,302,403 --minimal=2048
As we can see, the results show only the successful responses [due to the -x parameter] with the minimal size set by us, which is 2 KB or 2048 bytes.

Maximal Size
The reverse of minimal size, maximal size is used to set the upper limit of the results. The parameter we use to achieve this is [--maximal]. We just need to specify, in bytes, the size that we don't want in our results.
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301,302,403 --maximal=5120
We can also provide both minimal and maximal size together; this gives us a proper range within which to find files of a particular size.
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301,302,403 --minimal=2048 --maximal=5120

Random Agent
We all recognize that a user agent in computing is a program (a software agent) that operates on behalf of a user, such as a web browser that “retrieves, renders, and facilitates interaction with web content by end-users.”
We can use a random user agent to break the default schedule and get our results in a brand new order.
./dirsearch.py -u http://testphp.vulnweb.com/ -x 301,302,403 --random-agent
Include Status Code
Earlier we used exclude status code to remove the unwanted status codes. Include status code is the reverse: with this parameter we include any status code that we want in our results.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200
We can include more than one status code by following this command.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200,301,302
As we can observe, the results show only these codes [200, 301, 302].

Suffixes
Grammatically, a suffix is a letter or group of letters inserted at the end of a word that creates a new word. This parameter helps us search only for those specific results that match the suffix we provide to the attack.
./dirsearch.py -u http://testphp.vulnweb.com/ --suffixes=.php
As we can see, we successfully got all the results related to our provided suffix.

Prefixes
Grammatically, a prefix is a letter or group of letters inserted at the start of a word that creates a new word. This parameter helps us search only for those specific results that match the prefix we provide to the attack.
./dirsearch.py -u http://testphp.vulnweb.com/ --prefixes=index
As we can see, the output shows only those results that have our prefix.

Threads
We can increase or decrease the number of threads. This will increase or decrease the speed of our attack, depending on the number of threads we provide. As we saw earlier in URL attack, the default number of threads is set to 30.
As we want to increase the speed of the attack, we change it to 100 with the help of the [-t] parameter.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 -t 100
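Seen from the target's access log, the thread count here and the random user agent described earlier produce a burst of requests for distinct paths, mostly 404, from one address with a changing User-Agent. The following added example (not code from the original article or from the dirsearch project) flags that pattern per client address; the log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_content_scans(lines, window=timedelta(seconds=10),
                         min_requests=20, min_miss_ratio=0.8):
    """Return {ip: stats} for clients whose largest burst looks like a wordlist scan."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:  # lines in any other format are ignored
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            per_ip[m["ip"]].append((ts, m["path"], int(m["status"]), m["ua"]))
    flagged = {}
    for ip, events in per_ip.items():  # keyed on address: the User-Agent may rotate
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            miss_ratio = sum(e[2] == 404 for e in burst) / len(burst)
            distinct_paths = len({e[1] for e in burst})
            if (len(burst) >= min_requests and miss_ratio >= min_miss_ratio
                    and distinct_paths >= 0.9 * len(burst)
                    and len(burst) > flagged.get(ip, {}).get("requests", 0)):
                flagged[ip] = {"requests": len(burst), "miss_ratio": miss_ratio,
                               "user_agents": len({e[3] for e in burst})}
    return flagged

def sample_log():
    """Constructed log lines: one scanning client and one ordinary visitor."""
    agents = ["Mozilla/5.0 (X11; Linux x86_64)", "Mozilla/5.0 (Windows NT 10.0)", "Opera/9.80"]
    lines = []
    for i in range(40):  # 40 distinct paths in two seconds, agent changes per request
        status = 200 if i % 10 == 0 else 404
        lines.append(f'203.0.113.7 - - [13/Feb/2021:10:00:{i // 20:02d} +0000] '
                     f'"GET /word{i}.php HTTP/1.1" {status} 512 "-" "{agents[i % 3]}"')
    for i in range(5):  # one page per minute, all found
        lines.append(f'198.51.100.20 - - [13/Feb/2021:10:0{i}:00 +0000] '
                     f'"GET /page{i}.php HTTP/1.1" 200 4096 "-" "{agents[0]}"')
    return lines

if __name__ == "__main__":
    for ip, stats in detect_content_scans(sample_log()).items():
        print(ip, stats)
```

Because the grouping key is the client address, rotating the User-Agent does not split the burst; the per-burst agent count is reported as an extra signal.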
Only Selected
With the parameter called [--only-selected], we get a focused directory wordlist, through which we only get selected web pages and directories. This can be very useful for finding some great results through the attack.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 --only-selected
As we can see in the banner of this tool, our wordlist got shorter, from size 10832 to 7608.

Remove Extension
We all know the definition of an extension: a file extension (or simply "extension") is the suffix at the end of a file name that specifies what sort of file it is. We can remove extension files from our results. To get this kind of result, we can use the parameter called [--remove-extensions].
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 --remove-extensions
As we can see, it removes all the extensions.

Upper Case Directories
It acts like a filter, which only lets through the upper-case directories with the help of the parameter [-U]. We can apply this filter by using this command.
./dirsearch.py -u http://testphp.vulnweb.com/ -U
Lower Case Directories
Similarly to the above, it acts like a filter, which only lets through the lower-case directories with the help of the parameter [-L]. We can apply this filter by using this command.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 -L
Capital Letter Directories
It acts as a filter, which only lets through the directories whose first letter is a capital with the help of the parameter [-C]. We can apply this filter by using this command.
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 -C
Exclude Text
Just as we earlier removed or excluded the unwanted status codes, we can also exclude some text from our results as per our need, by using the parameter called [--exclude-texts].
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 --exclude-texts=index
If we compare this result with the unfiltered results, we can observe that it has excluded the index text from its results.

Exclude Sizes
Just as we earlier removed or excluded the unwanted text, we can also exclude some file sizes from our results as per our need, by using the parameter called [--exclude-sizes].
./dirsearch.py -u http://testphp.vulnweb.com/ -i 200 --exclude-sizes=5KB
If we compare this result with the unfiltered results, we can observe that it has excluded files with a size of 5KB from its results.






