Dirb is a powerful subdirectory scanner.
dirb comes pre-installed on Kali, so we can use it there by default.
In my example I use the URL https://target.com/
dirb gives you the list of parameters it accepts.
There are three hotkeys which can be pressed during a scan:
N => Will go to next directory
Q => Stop Scan (It saves the state for resume)
R => Remaining Stats
The basic syntax is:
dirb <url_base> [<wordlist_file(s)>] [options]
With -a we can specify a User-Agent string, for example:
dirb https://target.com -a "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
Use double quotes; otherwise the shell tries to interpret the parentheses in the string itself and rejects the command:
┌──(lord777㉿carder)-[~]
└─$ dirb https://target.com -a Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
bash: syntax error near unexpected token `('
I found this user agent in this database:
developers.whatismybrowser.com
With -c you can specify a cookie string. This is not very useful for me, so I skip it. Usually a cookie string looks like this:
zrStorage=808226700
The -f parameter fine-tunes the not found (404) detection; I use this.
-l prints the "Location" header, when found.
-r disables recursive searching.
-w keeps the scan going on warning messages.
-z adds a delay in milliseconds between requests, to not cause excessive flood.
The full command will be:
dirb https://target.com -a "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" -f -l -r -z 10
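
Seen from the server side, a scan like this appears in the access log as one client requesting many different paths that do not exist, whatever User-Agent was set with -a. The script below is an added example, not part of the original post: it assumes the combined access log format, and the log lines, IP addresses and the threshold of 5 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access log (combined format); IPs, paths and times are made up.
# 203.0.113.7 walks a wordlist using the browser-like User-Agent shown above;
# 198.51.100.4 is an ordinary visitor who hits one dead link twice.
sample_log() {
  ua='Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1'
  for p in admin backup cgi-bin config db; do
    printf '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /%s HTTP/1.1" 404 153 "-" "%s"\n' "$p" "$ua"
  done
  printf '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /images HTTP/1.1" 301 0 "-" "%s"\n' "$ua"
  printf '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "%s"\n' "$ua"
  printf '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "%s"\n' "$ua"
  printf '198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "%s"\n' "$ua"
}

# flag_scanners THRESHOLD: read an access log on stdin and print
# "<ip> <distinct 404 paths> <total requests>" for every client whose number
# of distinct not-found paths is >= THRESHOLD. The User-Agent is ignored on
# purpose, because the client chooses it freely (dirb -a).
flag_scanners() {
  awk -v min="$1" '
    {
      ip = $1; path = $7; status = $9
      total[ip]++
      # Count each missing path once per client, so a retried dead link
      # does not look like enumeration.
      if (status == 404 && !((ip, path) in seen)) {
        seen[ip, path] = 1
        missing[ip]++
      }
    }
    END {
      for (ip in missing)
        if (missing[ip] >= min)
          print ip, missing[ip], total[ip]
    }' | sort
}

# Only the client that probed five different missing paths is reported.
sample_log | flag_scanners 5
```

A delay set with -z spreads these requests out over time but does not reduce the number of distinct missing paths, so the count should be taken over a window long enough to cover a slow scan.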