How to Find Hidden Web Directories with Dirsearch

One of the first steps when pentesting a website should be scanning for hidden directories. It is essential for finding valuable information or potential attack vectors that might otherwise go unseen on the public-facing site. There are many tools out there that will perform the brute-forcing process, but not all are created equal.


Dirsearch is a tool written in Python used to brute-force hidden web directories and files. It can run on Windows, Linux, and macOS, and it offers a simple yet powerful command-line interface. With features such as multithreading, proxy support, request delaying, user agent randomization, and support for multiple extensions, dirsearch is a strong contender in the directory scanner arena.


DirBuster is often thought of as the de facto brute-force scanner, but it is written in Java and only offers a GUI, which can make it sort of clunky. Dirsearch is command-line only, and being written in Python makes it easier to integrate into scripts and other existing projects. DIRB is another popular directory scanner, but it lacks multithreading, making dirsearch the clear winner when it comes to speed.


Dirsearch shines when it comes to recursive scanning: for every directory it finds, it will go back through and crawl that directory for any additional directories. Recursive scanning, along with its speed and simple command-line usage, ..
