Dirb

Dirb is a spider-style tool that scans websites for hidden pages by requesting each word in a word list.

💡 The word list should be updated to include the current year.

head -n 16 /usr/share/dirb/wordlists/common.txt
sudo nano /usr/share/dirb/wordlists/common.txt
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
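
The same update can be scripted. This is an added example, not part of the original notes: it writes a copy of the word list with a range of years appended instead of editing the system file. The function name add_years and the output path ./common-years.txt are hypothetical.

```shell
#!/bin/sh
# Added example: build a working copy of a dirb word list that also contains
# a range of years, leaving the file under /usr/share untouched.

# add_years SRC DST FIRST LAST
# Copies SRC to DST (or edits in place when SRC and DST are the same path) and
# appends every year FIRST..LAST that is not already present as a whole line.
# Prints the number of years appended.
add_years() {
    src=$1 dst=$2 first=$3 last=$4
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ "$first" -le "$last" ] 2>/dev/null || { echo "bad year range" >&2; return 1; }

    if [ "$src" != "$dst" ]; then cp -- "$src" "$dst" || return 1; fi

    # Make sure the file ends with a newline so the first appended year
    # is not glued onto the last existing word.
    if [ -s "$dst" ] && [ -n "$(tail -c 1 "$dst")" ]; then
        printf '\n' >> "$dst"
    fi

    added=0
    y=$first
    while [ "$y" -le "$last" ]; do
        # -F fixed string, -x whole line: "2024" must not match "backup2024".
        if ! grep -Fxq -- "$y" "$dst"; then
            printf '%s\n' "$y" >> "$dst"
            added=$((added + 1))
        fi
        y=$((y + 1))
    done
    echo "$added"
}

# Usage (hypothetical output path), covering 2015 up to the current year:
#   add_years /usr/share/dirb/wordlists/common.txt ./common-years.txt 2015 "$(date +%Y)"
```

Running it a second time on the same output file appends nothing, so it is safe to re-run each year.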

Help

man dirb

Spider

❗ Dirb uses a single thread, so it is slower than Gobuster.

URL="http://example.com"
WL=/usr/share/dirb/wordlists/common.txt
#WL=/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
dirb $URL $WL
# Uses default WL: /usr/share/dirb/wordlists/common.txt
dirb $URL

Hotkeys

n: Go to next directory
q: Stop scanning (saving state to resume)
r: Remaining scan stats

Using a proxy

dirb $URL $WL -p "http://127.0.0.1:3128"

Using cookies

dirb $URL $WL -c "cookie1=value1; cookie2=value2; cookie3=value3"

Using credentials over HTTP Basic Authentication

dirb $URL $WL -u username:password

Using a JWT token

TOKEN="jwt token here"
dirb $URL $WL -H "Authorization: Bearer $TOKEN"

Using specific extensions

dirb $URL $WL -X .html,.php

Using a custom user agent

AGENT="Googlebot"
dirb $URL $WL -a "$AGENT"

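Fine-tuning Not Found (404) detection

# -f is a switch and takes no value; to ignore a specific HTTP status code, dirb has -N <code>
dirb $URL $WL -f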

Adding a delay (in ms)

dirb $URL $WL -z 10

Vulnerabilities

WL="/usr/share/dirb/wordlists/vulns/apache.txt"
dirb $URL $WL