Scripts · May 4, 2026 · 3 min read

dirsearch — Web Path Discovery and Directory Brute-Forcer

A mature Python-based web path scanner for discovering hidden directories and files on web servers during penetration testing.

Introduction

dirsearch is a command-line tool written in Python for brute-forcing directories and files on web servers. It has been a staple in the bug bounty and penetration testing community for years, offering a balance between simplicity and configurability that makes it effective for content discovery.

What dirsearch Does

  • Discovers hidden directories, files, and backup files on web servers
  • Supports extension-based scanning to find language-specific resources
  • Handles recursive scanning to explore discovered subdirectories automatically
  • Filters responses by status code, size, and content to reduce noise
  • Supports HTTP and SOCKS proxies for routing through testing infrastructure

Architecture Overview

dirsearch is a multithreaded Python application that sends HTTP requests using a configurable thread pool. It reads wordlists line by line, appends configured extensions, and fires requests against the target URL. A response analyzer checks status codes and content length against user-defined filters. Results are logged to stdout and optionally to plain text, JSON, CSV, XML, or Markdown report files.
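The request pattern this architecture produces, each wordlist entry expanded by every configured extension with most probes answered by a 404, is what a defender sees in the web server's access log. As an added example (not code from the dirsearch project), the following Python detector parses constructed Combined Log Format lines and flags any source IP that receives many distinct 404s inside a short window, reporting the file extensions that were probed; the log layout, the thresholds and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Combined Log Format as Apache/nginx write it by default (the layout is an assumption).
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"')

def parse_line(line):
    """One access-log line -> dict with ip, ts (datetime), path, status (int); None if no match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def detect_bruteforce(lines, window=timedelta(seconds=60), min_404=10, min_ratio=0.8):
    """Flag IPs with >= min_404 distinct 404 paths in one `window` where 404s are >= min_ratio of requests."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start, best = 0, None
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:  # slide the window start forward
                start += 1
            win = recs[start:end + 1]
            paths_404 = {r["path"] for r in win if r["status"] == 404}
            ratio = sum(r["status"] == 404 for r in win) / len(win)
            if len(paths_404) >= min_404 and ratio >= min_ratio and \
                    (best is None or len(paths_404) > best["distinct_404"]):
                # Extensions on the probed names hint at the -e list the scanner was run with.
                exts = sorted({n.rsplit(".", 1)[1] for n in (p.rsplit("/", 1)[-1] for p in paths_404) if "." in n})
                best = {"distinct_404": len(paths_404), "ratio": round(ratio, 2), "extensions": exts}
        if best:
            alerts[ip] = best
    return alerts

# Constructed sample: 4 wordlist entries x 3 extensions from one IP in 12 s, plus normal browsing from another.
PROBES = [(w, e) for w in ("admin", "backup", "config", "login") for e in ("php", "bak", "txt")]
SAMPLE_LOG = [
    f'203.0.113.5 - - [04/May/2026:10:00:{i:02d} +0000] "GET /{w}.{e} HTTP/1.1" 404 153 "-" "Mozilla/5.0"'
    for i, (w, e) in enumerate(PROBES)
] + [
    '198.51.100.7 - - [04/May/2026:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/May/2026:10:00:15 +0000] "GET /missing HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]
```

Running `detect_bruteforce(SAMPLE_LOG)` flags only 203.0.113.5 (12 distinct 404s, ratio 1.0, extensions bak/php/txt); the single genuine 404 from the browsing client stays below the threshold.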

Self-Hosting & Configuration

  • Install via pip or clone the repository and run directly
  • Provide custom wordlists with -w or use the bundled default wordlist
  • Set thread count with -t (default 25) based on target tolerance
  • Configure exclusion rules with --exclude-status and --exclude-sizes
  • Use --deep-recursive for automatic recursive scanning of discovered paths

Key Features

  • Bundled high-quality default wordlist curated for common web paths
  • Extension brute-forcing (-e) to test multiple file types per wordlist entry
  • Subdirectory recursive scanning with configurable depth limits
  • Request throttling with --delay to respect rate limits
  • Report generation in multiple formats for documentation and tracking

Comparison with Similar Tools

  • ffuf — faster Go-based fuzzer with more flexible FUZZ keyword placement, but requires external wordlists
  • gobuster — Go-based scanner focused on speed, less built-in filtering logic
  • DirBuster — legacy Java GUI tool by OWASP, largely replaced by modern CLI tools
  • feroxbuster — Rust-based recursive scanner with automatic depth detection

FAQ

Q: How does dirsearch compare to ffuf in speed? A: ffuf is generally faster due to Go's concurrency model. dirsearch compensates with a curated default wordlist and simpler setup for quick scans.

Q: Can dirsearch scan multiple targets? A: Yes. Provide a file of URLs with -l to scan multiple targets in sequence.

Q: Does dirsearch handle authentication? A: Yes. Pass cookies with --cookie, add headers with -H, or use --auth for HTTP basic authentication.

Q: What makes dirsearch's default wordlist effective? A: The bundled wordlist is curated from real-world findings and common web application paths, reducing the need for external wordlist management.
