DIRB -- Hidden Object Scanner

In previous posts we learned about Nmap and how to find ports on a network or system. Now we need to hunt for open directories to find admin panels or sub-directories.

DIRB is a very popular web content scanner written in C that can be used to brute force open directories. The downside of DIRB is that it is generally slow and does not support multi-threading, but it is a great way to find existing and hidden directories or sub-directories.

DIRB comes built into Kali Linux and is very simple to use: just open a terminal window and type the following command to scan our website https://www.kalilinux.in:

dirb https://www.kalilinux.in

The screenshot follows:

DIRB has many other options, and using them makes it handier:

  • -a : specify your user agent.
  • -c : specify a cookie for the HTTP request.
  • -f : fine tuning of NOT_FOUND (404) detection.
  • -H : add a custom header to the HTTP request.
  • -x : specify the file extension.
  • -o : save output to disk.
  • -t : don't force an ending '/' on URLs.
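
On the server side, a wordlist scan like the one above appears in the access log as a burst of 404 responses for many distinct paths from a single client. The following is an added example (not part of the original post or of DIRB) that flags such clients in a Combined Log Format access log. The function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Parse a Combined Log Format line into (ip, time, path, status), else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, window=timedelta(seconds=60), min_404=20, min_ratio=0.8):
    """Flag clients requesting many distinct missing paths inside one window.
    Thresholds are illustrative; User-Agent is ignored as client-controlled (-a)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            missing = {p for _, p, s in span if s == 404}
            if len(missing) >= min_404 and len(missing) / len(span) >= min_ratio:
                flagged[ip] = {  # summarise everything this client requested
                    "distinct_404": len({p for _, p, s in events if s == 404}),
                    "found": sorted({p for _, p, s in events if s != 404}),
                }
                break
    return flagged

def sample_log():
    """Constructed log: one wordlist-style client, one ordinary visitor."""
    fmt = '{} - - [10/Oct/2023:13:{}:{:02d} +0000] "GET {} HTTP/1.1" {} 162 "-" "-"'
    words = ("admin backup bin cgi-bin config css db dev docs files img inc js "
             "lib logs mail old private scripts site temp test tmp upload").split()
    hits = {"admin": 403, "img": 301}  # the two paths that exist on the sample site
    lines = [fmt.format("203.0.113.7", 55, i, f"/{w}/", hits.get(w, 404))
             for i, w in enumerate(words)]
    lines += [fmt.format("198.51.100.20", 50 + i, 0, p, s) for i, (p, s) in
              enumerate([("/", 200), ("/css/", 200), ("/favicon.ico", 404)])]
    return lines
```

Calling `find_scanners(sample_log())` reports the scanning client together with the paths that did not return 404, which are the ones worth reviewing for exposure.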