.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.5. .TH DIRSEARCH "1" "September 2021" "dirsearch v0.4.2" "User Commands" .SH NAME dirsearch \- An advanced command-line tool designed to brute force directories and files in webservers .SH SYNOPSIS .B dirsearch.py [\fI\,-u|--url\/\fR] \fI\,target \/\fR[\fI\,-e|--extensions\/\fR] \fI\,extensions \/\fR[\fI\,options\/\fR] .SH OPTIONS .TP \fB\-\-version\fR show program's version number and exit .TP \fB\-h\fR, \fB\-\-help\fR show this help message and exit .IP Mandatory: .TP \fB\-u\fR URL, \fB\-\-url\fR=\fI\,URL\/\fR Target URL .TP \fB\-l\fR FILE, \fB\-\-url\-list\fR=\fI\,FILE\/\fR Target URL list file .TP \fB\-\-stdin\fR Target URL list from STDIN .TP \fB\-\-cidr\fR=\fI\,CIDR\/\fR Target CIDR .TP \fB\-\-raw\fR=\fI\,FILE\/\fR Load raw HTTP request from file (use `\-\-scheme` flag to set the scheme) .TP \fB\-e\fR EXTENSIONS, \fB\-\-extensions\fR=\fI\,EXTENSIONS\/\fR Extension list separated by commas (Example: php,asp) .TP \fB\-X\fR EXTENSIONS, \fB\-\-exclude\-extensions\fR=\fI\,EXTENSIONS\/\fR Exclude extension list separated by commas (Example: asp,jsp) .TP \fB\-f\fR, \fB\-\-force\-extensions\fR Add extensions to every wordlist entry. By default dirsearch only replaces the %EXT% keyword with extensions .IP Dictionary Settings: .TP \fB\-w\fR WORDLIST, \fB\-\-wordlists\fR=\fI\,WORDLIST\/\fR Customize wordlists (separated by commas) .TP \fB\-\-prefixes\fR=\fI\,PREFIXES\/\fR Add custom prefixes to all wordlist entries (separated by commas) .TP \fB\-\-suffixes\fR=\fI\,SUFFIXES\/\fR Add custom suffixes to all wordlist entries, ignore directories (separated by commas) .TP \fB\-\-only\-selected\fR Remove paths have different extensions from selected ones via `\-e` (keep entries don't have extensions) .TP \fB\-\-remove\-extensions\fR Remove extensions in all paths (Example: admin.php \-> admin) .TP \fB\-U\fR, \fB\-\-uppercase\fR Uppercase wordlist .TP \fB\-L\fR, \fB\-\-lowercase\fR Lowercase wordlist .TP \fB\-C\fR, \fB\-\-capital\fR Capital wordlist .IP General Settings: .TP \fB\-t\fR THREADS, \fB\-\-threads\fR=\fI\,THREADS\/\fR Number of threads .TP \fB\-r\fR, \fB\-\-recursive\fR Brute\-force recursively .TP \fB\-\-deep\-recursive\fR Perform recursive scan on every directory depth (Example: api/users \-> api/) .TP \fB\-\-force\-recursive\fR Do recursive brute\-force for every found path, not only paths end with slash .TP \fB\-R\fR DEPTH, \fB\-\-recursion\-depth\fR=\fI\,DEPTH\/\fR Maximum recursion depth .TP \fB\-\-recursion\-status\fR=\fI\,CODES\/\fR Valid status codes to perform recursive scan, support ranges (separated by commas) .TP \fB\-\-subdirs\fR=\fI\,SUBDIRS\/\fR Scan sub\-directories of the given URL[s] (separated by commas) .TP \fB\-\-exclude\-subdirs\fR=\fI\,SUBDIRS\/\fR Exclude the following subdirectories during recursive scan (separated by commas) .TP \fB\-i\fR CODES, \fB\-\-include\-status\fR=\fI\,CODES\/\fR Include status codes, separated by commas, support ranges (Example: 200,300\-399) .TP \fB\-x\fR CODES, \fB\-\-exclude\-status\fR=\fI\,CODES\/\fR Exclude status codes, separated by commas, support ranges (Example: 301,500\-599) .TP \fB\-\-exclude\-sizes\fR=\fI\,SIZES\/\fR Exclude responses by sizes, separated by commas (Example: 123B,4KB) .TP \fB\-\-exclude\-texts\fR=\fI\,TEXTS\/\fR Exclude responses by texts, separated by commas (Example: 'Not found', 'Error') .TP \fB\-\-exclude\-regexps\fR=\fI\,REGEXPS\/\fR Exclude responses by regexps, separated by commas (Example: 'Not foun[a\-z]{1}', '^Error$') .TP \fB\-\-exclude\-redirects\fR=\fI\,REGEXPS\/\fR Exclude responses by redirect regexps or texts, separated by commas (Example: 'https://okta.com/*') .TP \fB\-\-exclude\-response\fR=\fI\,PATH\/\fR Exclude responses by response of this page (path as input) .TP \fB\-\-skip\-on\-status\fR=\fI\,CODES\/\fR Skip target whenever hit one of these status codes, separated by commas, support ranges .TP \fB\-\-minimal\fR=\fI\,LENGTH\/\fR Minimal response length .TP \fB\-\-maximal\fR=\fI\,LENGTH\/\fR Maximal response length .TP \fB\-\-max\-time\fR=\fI\,SECONDS\/\fR Maximal runtime for the scan .TP \fB\-q\fR, \fB\-\-quiet\-mode\fR Quiet mode .TP \fB\-\-full\-url\fR Full URLs in the output (enabled automatically in quiet mode) .TP \fB\-\-no\-color\fR No colored output .IP Request Settings: .TP \fB\-m\fR METHOD, \fB\-\-http\-method\fR=\fI\,METHOD\/\fR HTTP method (default: GET) .TP \fB\-d\fR DATA, \fB\-\-data\fR=\fI\,DATA\/\fR HTTP request data .TP \fB\-H\fR HEADERS, \fB\-\-header\fR=\fI\,HEADERS\/\fR HTTP request header, support multiple flags (Example: \fB\-H\fR 'Referer: example.com') .TP \fB\-\-header\-list\fR=\fI\,FILE\/\fR File contains HTTP request headers .TP \fB\-F\fR, \fB\-\-follow\-redirects\fR Follow HTTP redirects .TP \fB\-\-random\-agent\fR Choose a random User\-Agent for each request .TP \fB\-\-auth\-type\fR=\fI\,TYPE\/\fR Authentication type (basic, digest, bearer, ntlm) .TP \fB\-\-auth\fR=\fI\,CREDENTIAL\/\fR Authentication credential (user:password or bearer token) .HP \fB\-\-user\-agent\fR=\fI\,USERAGENT\/\fR .HP \fB\-\-cookie\fR=\fI\,COOKIE\/\fR .IP Connection Settings: .TP \fB\-\-timeout\fR=\fI\,TIMEOUT\/\fR Connection timeout .TP \fB\-s\fR DELAY, \fB\-\-delay\fR=\fI\,DELAY\/\fR Delay between requests .TP \fB\-\-proxy\fR=\fI\,PROXY\/\fR Proxy URL, support HTTP and SOCKS proxies (Example: localhost:8080, socks5://localhost:8088) .TP \fB\-\-proxy\-list\fR=\fI\,FILE\/\fR File contains proxy servers .TP \fB\-\-replay\-proxy\fR=\fI\,PROXY\/\fR Proxy to replay with found paths .TP \fB\-\-scheme\fR=\fI\,SCHEME\/\fR Default scheme (for raw request or if there is no scheme in the URL) .TP \fB\-\-max\-rate\fR=\fI\,RATE\/\fR Max requests per second .TP \fB\-\-retries\fR=\fI\,RETRIES\/\fR Number of retries for failed requests .TP \fB\-b\fR, \fB\-\-request\-by\-hostname\fR By default dirsearch requests by IP for speed. This will force dirsearch to request by hostname .TP \fB\-\-ip\fR=\fI\,IP\/\fR Server IP address .TP \fB\-\-exit\-on\-error\fR Exit whenever an error occurs .IP Reports: .TP \fB\-o\fR FILE, \fB\-\-output\fR=\fI\,FILE\/\fR Output file .TP \fB\-\-format\fR=\fI\,FORMAT\/\fR Report format (Available: simple, plain, json, xml, md, csv, html) .IP You can change the dirsearch default configurations (default extensions, .PP timeout, wordlist location, ...) by editing the "/etc/dirsearch/default.conf" file. More information at https://github.com/maurosoria/dirsearch. .SH "SEE ALSO" The full documentation for .B dirsearch is maintained as a Texinfo manual. If the .B info and .B dirsearch programs are properly installed at your site, the command .IP .B info dirsearch .PP should give you access to the complete manual.