Web path brute-forcer that discovers hidden directories and files on web servers using customizable wordlists
dirsearch is a command-line web path discovery tool that performs brute-force enumeration to find hidden directories and files on web servers. It uses wordlists to systematically test potential paths and identifies accessible resources that might not be linked from the main website.
The tool supports extensive wordlist customization, including extension replacement via %EXT% placeholders, force-appending extensions to entries, and bundled wordlist categories (extensions, conf, vcs, backups, db, logs, keys, web, common). It can handle multiple target formats including single URLs, CIDR ranges, raw HTTP requests, and nmap reports. Session management allows resuming interrupted scans.
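A simplified model of the %EXT% replacement and force-appending described above, useful for checking which paths a given wordlist would request from your own server. It is an added example, not dirsearch's own code: `expand_wordlist`, `SAMPLE_WORDLIST`, and the rules that comment lines are skipped and entries ending in `/` never receive an extension are assumptions of this sketch.

```python
EXT_TAG = "%EXT%"

# Constructed sample wordlist, not one of the bundled lists.
SAMPLE_WORDLIST = [
    "# constructed sample",
    "index.%EXT%",
    "admin",
    "backup/",
    "",
    "admin",          # duplicate entry, emitted only once
]


def expand_wordlist(entries, extensions, force_extensions=False):
    """Return the ordered, de-duplicated paths the wordlist expands to."""
    # Normalise "php", ".php" and " php " to the same extension.
    exts = [e.strip().lstrip(".") for e in extensions if e.strip()]
    seen, paths = set(), []

    def emit(path):
        if path not in seen:
            seen.add(path)
            paths.append(path)

    for raw in entries:
        entry = raw.strip()
        if not entry or entry.startswith("#"):   # assumption: skip blanks/comments
            continue
        if EXT_TAG in entry:
            # Placeholder entries yield one path per extension.
            for ext in exts:
                emit(entry.replace(EXT_TAG, ext))
            continue
        emit(entry)
        # Force-append: plain entries also get every extension,
        # except directory-style entries (assumption of this model).
        if force_extensions and not entry.endswith("/"):
            for ext in exts:
                emit(f"{entry}.{ext}")
    return paths


if __name__ == "__main__":
    for path in expand_wordlist(SAMPLE_WORDLIST, ["php", "html"], force_extensions=True):
        print(path)
```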
dirsearch provides comprehensive filtering options including status code inclusion/exclusion, response size filtering, text-based exclusion, and regex pattern matching. It supports recursive scanning with configurable depth limits, multi-threading, and various HTTP authentication methods. The tool runs on Linux, Windows, and macOS with both Python and standalone binary distributions available.
# via Git
git clone https://github.com/maurosoria/dirsearch.git --depth 1
# via PyPI
pip3 install dirsearch
# via APT
sudo apt-get install dirsearch