Dirb is a command-line web content scanner included in Kali Linux, used to discover files and directories on a web server that are not linked from its pages. It works by requesting every entry of a wordlist against the target and reporting the paths that the server answers with something other than its "not found" response, which can expose backups, admin interfaces, configuration files and other content the site does not advertise.
Key Features:
- Directory and File Brute-Forcing: Attempts to find hidden directories and files by brute-forcing URL paths using a wordlist.
- Recursive Scanning: Recurses into every directory it discovers (this is the default behaviour) to map deeper directory structures.
- Custom Wordlists: Supports using custom wordlists for more tailored brute-force attacks.
- Extension Scanning: Can search for specific file extensions (e.g., .php, .txt, .html) to narrow down or expand the search.
Common Dirb Commands:
dirb <target-url>
Scans the target with the default wordlist (/usr/share/dirb/wordlists/common.txt on Kali).
dirb <target-url> <wordlist-path>
dirb http://example.com /usr/share/dirb/wordlists/common.txt
Scans the target using the wordlist given as the second argument.
dirb <target-url> -X .php,.html,.txt
dirb http://example.com -X .php,.html
Appends each listed extension to every word in the wordlist, so a word such as admin is also tried as admin.php and admin.html.
dirb <target-url> -r
Disables recursion. Dirb recurses into every directory it finds by default; -r limits the scan to the top level, and -R asks before entering each directory instead.
dirb <target-url> -N 403
Ignores responses with the given HTTP status code. Useful when the server answers 403 for every unknown path and those hits would otherwise drown out real findings.
dirb <target-url> -a "<user-agent>"
dirb <target-url> -H "<header>: <value>"
Sets a custom User-Agent (-a) or adds a custom HTTP header (-H) to every request, for example to pass an authentication header or to look like an ordinary browser.
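The filtering that -N applies during a scan can also be done afterwards on the log dirb writes with -o, which is often more convenient because the raw log is kept and different codes can be excluded without rescanning. The shell script below is an added example, not code from the dirb project or from this page: it parses a dirb log into hits and discovered directories, drops a chosen status code, and counts hits per code. The log embedded in it is constructed to match dirb's "+ URL (CODE:n|SIZE:n)" and "==> DIRECTORY:" line format; the example.com URLs are placeholders.

```shell
#!/bin/sh
# Added example, not part of the dirb project. Triage a dirb scan log from
# the shell. DIRB_LOG is a constructed sample in dirb's output format, not
# the output of a real scan; in practice read it from the file given to -o.
DIRB_LOG='-----------------
DIRB v2.22
By The Dark Raver
-----------------

URL_BASE: http://example.com/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

---- Scanning URL: http://example.com/ ----
+ http://example.com/.htaccess (CODE:403|SIZE:276)
+ http://example.com/index.php (CODE:200|SIZE:1024)
==> DIRECTORY: http://example.com/admin/
+ http://example.com/robots.txt (CODE:200|SIZE:42)
+ http://example.com/server-status (CODE:403|SIZE:276)

---- Entering directory: http://example.com/admin/ ----
+ http://example.com/admin/login.php (CODE:200|SIZE:2048)
+ http://example.com/admin/config.bak (CODE:200|SIZE:512)

-----------------
DOWNLOADED: 9224 - FOUND: 6'

# dirb_hits [IGNORE_CODE]: print "URL CODE SIZE" for every "+" hit whose
# status code is not IGNORE_CODE (the same filter -N applies during a scan).
# With no argument every hit is printed.
dirb_hits() {
    ignore="${1:-}"
    printf '%s\n' "$DIRB_LOG" | awk -v ignore="$ignore" '
        /^\+ / {
            url = $2
            if (match($0, /CODE:[0-9]+[|]SIZE:[0-9]+/)) {
                # "CODE:200|SIZE:1024" splits into CODE, 200, SIZE, 1024
                split(substr($0, RSTART, RLENGTH), kv, /[:|]/)
                if (kv[2] != ignore) print url, kv[2], kv[4]
            }
        }'
}

# dirb_dirs: print every directory dirb discovered (and recursed into).
dirb_dirs() {
    printf '%s\n' "$DIRB_LOG" | awk '/^==> DIRECTORY: / { print $3 }'
}

# dirb_summary [IGNORE_CODE]: one "CODE COUNT" line per status code. A single
# code with hundreds of hits usually means the server answers that code for
# every unknown path and it should be excluded with -N.
dirb_summary() {
    dirb_hits "${1:-}" | awk '{ n[$2]++ } END { for (c in n) print c, n[c] }' | sort
}

# Stand-alone usage: hits other than 403, then the discovered directories.
dirb_hits 403
dirb_dirs
```

Run as-is it prints the four non-403 hits and the /admin/ directory; replace the DIRB_LOG assignment with the contents of a real -o file to use it on your own scans.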
Use Cases:
- Discovering Hidden Directories and Files: Dirb is commonly used in penetration testing to find sensitive files and directories that are not visible in the website’s navigation.
- Testing Web Security: Helps identify security misconfigurations by discovering files or directories that should not be publicly accessible.
- Reconnaissance: Useful in the early phases of security assessments for mapping out a web server’s directory structure.
Dirb is a powerful and simple tool for discovering hidden content on a web server, providing valuable insights during web application security assessments.