Website Footprinting using DIRB

Ethical Hacking

Dirb is a command-line web content scanner included in Kali Linux, used to discover hidden files and directories on a web server. It brute-forces URL paths from a wordlist to find potentially sensitive content that is not linked or listed anywhere in the website’s visible directory structure.

Key Features:

  • Directory and File Brute-Forcing: Attempts to find hidden directories and files by brute-forcing URL paths using a wordlist.
  • Recursive Scanning: Can perform recursive scans to discover deeper directory structures.
  • Custom Wordlists: Supports using custom wordlists for more tailored brute-force attacks.
  • Extension Scanning: Can search for specific file extensions (e.g., .php, .txt, .html) to narrow down or expand the search.

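Common Dirb Commands:

dirb <target-url>
Scans the target using dirb's default wordlist.

dirb <target-url> <wordlist-path>
dirb http://example.com /usr/share/dirb/wordlists/common.txt
Scans the target using the wordlist at the given path.

dirb <target-url> -X .php,.html,.txt
dirb http://example.com -X .php,.html
Appends each of the listed extensions to every word in the wordlist.

dirb <target-url> -r
Disables recursion. Dirb descends into the directories it finds by default, and -r turns that off.

dirb <target-url> -N 403
Ignores responses with HTTP status code 403.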

Dirb can also send custom HTTP headers during the scan (e.g., setting a custom user-agent).

Use Cases:

  • Discovering Hidden Directories and Files: Dirb is commonly used in penetration testing to find sensitive files and directories that are not visible in the website’s navigation.
  • Testing Web Security: Helps identify security misconfigurations by discovering files or directories that should not be publicly accessible.
  • Reconnaissance: Useful in the early phases of security assessments for mapping out a web server’s directory structure.

Dirb is a powerful and simple tool for discovering hidden content on a web server, providing valuable insights during web application security assessments.
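Because the user-agent can be changed, the reliable server-side trace of a wordlist scan is behavioural: one client requesting many distinct paths and receiving mostly 403/404 answers. The following is an added example, not part of the original post or of dirb, that flags such clients in a Combined Log Format access log and lists the paths they actually located; the thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format; only client address, request path and status are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def find_path_bruteforce(lines, min_paths=20, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 403/404,
    the server-side footprint of a wordlist scan. Thresholds are assumptions."""
    seen = defaultdict(lambda: {"paths": set(), "total": 0, "misses": 0, "found": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        s = seen[client]
        s["total"] += 1
        s["paths"].add(path)
        if status in (403, 404):
            s["misses"] += 1
        elif status < 400:
            s["found"].add(path)  # content the scan actually located
    flagged = {}
    for client, s in seen.items():
        ratio = s["misses"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[client] = {"requests": s["total"], "miss_ratio": round(ratio, 2),
                               "found": sorted(s["found"])}
    return flagged

def sample_log():
    """Constructed log: one wordlist-style client and one ordinary visitor."""
    ts, ua = "[10/Oct/2024:13:55:36 +0000]", '"-" "Mozilla/5.0"'
    words = ["admin", "backup", "cgi-bin", "config", "db", "old", "private", "test", "tmp", "uploads"]
    existing = {"/admin", "/config.php"}  # paths the constructed server really serves
    lines = []
    for w in words:
        for ext in ("", ".php", ".txt"):  # each word bare and with two extensions
            p = f"/{w}{ext}"
            code = 200 if p in existing else 404
            lines.append(f'203.0.113.7 - - {ts} "GET {p} HTTP/1.1" {code} 512 {ua}')
    for p, code in [("/", 200), ("/index.html", 200), ("/favicon.ico", 404), ("/about.html", 200)]:
        lines.append(f'198.51.100.20 - - {ts} "GET {p} HTTP/1.1" {code} 2048 {ua}')
    return lines

if __name__ == "__main__":
    for client, info in find_path_bruteforce(sample_log()).items():
        print(client, info)
```

The "found" list is the part to review first: it is the set of paths that should either require authentication or not be on the server at all.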
