Ultimate Dirb Cheat Sheet
Ultimate Dirb Cheat Sheet
The classic web content scanner for brute-forcing hidden directories and files.
1. Basic Scanning
The simplest way to use Dirb. It uses the default wordlist (common.txt) if none is provided.
Standard Scan
Scan a URL recursively.
Non-Recursive Scan
Do not enter subdirectories found (Faster).
Ignore Status Codes
Don't show results with 403 Forbidden or 302 Found status.
2. Wordlists
Dirb's power depends on the wordlist you use. It comes with several built-in lists.
Using a Custom Wordlist
Built-in Wordlist Locations
Usually located in /usr/share/dirb/wordlists/.
common.txt
Small, fast. The default list.
big.txt
Larger list. Use if 'common' finds nothing.
vulns/
Specific lists for known vulnerable apps (cgis.txt, tomcat.txt).
3. File Extensions
Search for specific file types (like .php, .html, .zip) by appending extensions to every word in the list.
Specific Extension (-X)
Look for PHP files.
Multiple Extensions (-x)
Use a file containing a list of extensions (e.g., .php, .html, .bak).
4. Authentication & Headers
Bypass basic protections or scan behind login prompts.
HTTP Basic Auth
Custom User-Agent (-a)
Spoof your browser to look legitimate or bypass filters.
Custom Cookie (-c)
Pass a session cookie (e.g., PHPSESSID) to scan as a logged-in user.
5. Performance & Output
Add Delay (-z)
Wait X milliseconds between requests (Throttling/Stealth).
Save Output (-o)
Save findings to a file for later analysis.
Silent Mode (-S)
Don't print testing words, only print found items.
Post a Comment