
Web path fuzzing is used to find known misconfigurations, juicy APIs or endpoints, sensitive data exposure, config files, etc. It can be used as part of web content discovery, to scan passively for high-quality endpoints. With web path fuzzing you can find a lot of juicy data that can't be found through a Google search.
Dirsearch
Web path scanner to find endpoints, juicy data, sensitive files, configs and more.
Installation & Usage
Requirement: Python 3.7 or higher
Choose one of these installation options:
- Install with git (RECOMMENDED):
  git clone https://github.com/maurosoria/dirsearch.git --depth 1
- Install with ZIP file: Download here
- Install with Docker (more information can be found here):
  docker build -t "dirsearch:v0.4.3" .
- Install with PyPi:
  pip3 install dirsearch
  or
  pip install dirsearch
- Install with Kali Linux (deprecated):
  sudo apt-get install dirsearch
Wordlists (IMPORTANT)
Summary:
- A wordlist is a text file in which each line is a path.
- About extensions: unlike other tools, dirsearch only replaces the %EXT% keyword with extensions from the -e flag.
- For wordlists without %EXT% (like SecLists), the -f | --force-extensions switch is required to append extensions to every word in the wordlist, as well as the /.
- To apply your extensions to wordlist entries that already have extensions, use -O | --overwrite-extensions (Note: some extensions are excluded from being overwritten, such as .log, .json, .xml, … or media extensions like .jpg, .png).
- To use multiple wordlists, separate them with commas. Example: wordlist1.txt,wordlist2.txt
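The extension rules summarised above, modelled in Python as an added example (not code from dirsearch or from the original page). The function name, the sample wordlist and the excluded-extension subset are constructed for illustration, and dirsearch's real output may differ in detail.

```python
# Simplified model of the wordlist extension rules described above.
# Not dirsearch's implementation; names and sample data are constructed.

# Assumption: subset of the extensions that -O leaves untouched.
KEEP_EXTENSIONS = {"log", "json", "xml", "jpg", "png"}

# Constructed sample wordlist: one path per line.
SAMPLE_WORDLIST = ["index.%EXT%", "admin", "login.html", "debug.log", "root/"]


def expand(words, extensions, force=False, overwrite=False):
    """Return the ordered, de-duplicated paths generated from a wordlist."""
    out = []

    def emit(path):
        if path not in out:
            out.append(path)

    for raw in words:
        word = raw.strip()
        if not word:
            continue
        if "%EXT%" in word:
            # Default behaviour: only the %EXT% keyword is substituted.
            for ext in extensions:
                emit(word.replace("%EXT%", ext))
            continue
        emit(word)
        if word.endswith("/"):
            continue  # directory entry, nothing to append
        stem, _, ext = word.rsplit("/", 1)[-1].rpartition(".")
        if stem and ext:
            # Entry already has an extension: only -O rewrites it.
            if overwrite and ext.lower() not in KEEP_EXTENSIONS:
                for new in extensions:
                    emit(word[: -len(ext)] + new)
        elif force:
            # -f: append every extension, plus the trailing slash.
            for new in extensions:
                emit(f"{word}.{new}")
            emit(word + "/")
    return out


if __name__ == "__main__":
    for flags in ({}, {"force": True}, {"overwrite": True}):
        print(flags, expand(SAMPLE_WORDLIST, ["php", "html"], **flags))
```

Comparing the three outputs shows why a wordlist without %EXT% produces no extension variants unless -f is given.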
Configuration
By default, config.ini inside your dirsearch directory is used as the configuration file, but you can select another file via the --config flag or the DIRSEARCH_CONFIG environment variable.
How to use

Simple usage
Pausing progress
dirsearch allows you to pause the scan with CTRL+C. From here, you can save the progress (and continue later), skip the current target, or skip the current sub-directory.

Filters
Use -i | --include-status and -x | --exclude-status to select allowed and not allowed response status codes.
For more advanced filters: --exclude-sizes, --exclude-texts, --exclude-regexps, --exclude-redirects and --exclude-response