Dirb full tutorial for beginners from noob to pro | 2024

Introduction

In this post, you will learn about the dirb tool and see some of its most used commands. There is also a video version of this post, check it out 👇🏾

What is dirb❓

Dirb is a web application analysis tool, and you can also use it to brute-force a target. “But hey, wait, my professor used to say brute-forcing is more dangerous than selling drugs.”

There is a high chance of a hacker getting caught while using the brute-force technique. This tool works by launching a dictionary-based attack against a web server and analyzing the responses.
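How a dictionary-based scan shows up on the server side, as an added example that is not part of the original post: this Python function flags clients whose requests are mostly 404s for many different paths. The log lines (Common Log Format, documentation-range IPs), the thresholds and the name find_dictionary_scans are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 196
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 196
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /config HTTP/1.1" 404 196
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /test HTTP/1.1" 404 196
203.0.113.20 - - [12/Mar/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.20 - - [12/Mar/2024:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 196
203.0.113.20 - - [12/Mar/2024:10:00:06 +0000] "GET /about.php HTTP/1.1" 200 2048
192.0.2.55 - - [12/Mar/2024:10:01:00 +0000] "GET /old-logo.png HTTP/1.1" 404 196
192.0.2.55 - - [12/Mar/2024:10:02:00 +0000] "GET /old-logo.png HTTP/1.1" 404 196
192.0.2.55 - - [12/Mar/2024:10:03:00 +0000] "GET /old-logo.png HTTP/1.1" 404 196
192.0.2.55 - - [12/Mar/2024:10:04:00 +0000] "GET /old-logo.png HTTP/1.1" 404 196
192.0.2.55 - - [12/Mar/2024:10:05:00 +0000] "GET /old-logo.png HTTP/1.1" 404 196
"""

# Captures client IP, requested path and status code from a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def find_dictionary_scans(log_text, min_missing=5, min_ratio=0.8):
    """Return {client_ip: (distinct_404_paths, total_requests)} for scan-like clients."""
    missing = defaultdict(set)   # distinct paths that returned 404, per client
    total = defaultdict(int)     # all parsed requests, per client
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, path, status = m.groups()
        total[ip] += 1
        if status == "404":
            missing[ip].add(path)
    # Distinct paths are counted, not request rate, so one broken link requested
    # repeatedly is ignored and a scan is counted regardless of its pacing.
    return {ip: (len(paths), total[ip]) for ip, paths in missing.items()
            if len(paths) >= min_missing and len(paths) / total[ip] >= min_ratio}

if __name__ == "__main__":
    print(find_dictionary_scans(SAMPLE_LOG))
```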

Brute-forcing needs a set of usernames and passwords, and this tool comes with a list of usernames and passwords.

You can find the list here:

cd /usr/share/wordlists/dirb

Where to download dirb

Use the link below to download the tool. If you are a Kali Linux user, the tool should already be pre-installed. Otherwise, to install the tool on Kali Linux, use this command.

apt-get install dirb

Useful commands in dirb

-a: Specify your custom USER_AGENT.
-c: Set a cookie for the HTTP request.
-f: Fine tuning of NOT_FOUND (404) detection.
-H: Add a custom header to the HTTP request.
-i: Use case-insensitive search.
-l: Print “Location” header when found.
-N: Ignore responses with this HTTP code.
-o: Save output to disk.
-p: Use this proxy. (Default port is 1080)
-P: Proxy Authentication.
-r: Don’t search recursively.
-R: Interactive recursion. (Asks for each directory)
-S: Silent Mode. Don’t show tested words. (For dumb terminals)
-t: Don’t force an ending ‘/’ on URLs.
-u: HTTP Authentication.
-v: Show also NOT_FOUND pages.
-w: Don’t stop on WARNING messages.
-X / -x: Append each word with these extensions.
-z: Add a milliseconds delay to not cause excessive Flood.

How to use the dirb tool

To become a pro at using the dirb tool, follow the examples below carefully. If you have any doubts, leave a comment below and watch the video I made on the tool.

Example 1, Doing standard scan in dirb

To do a standard scan use this command

dirb <target>

dirb http://45.33.32.156

Example 2, Enumerating directory with extension list

In the command below, we are enumerating the .php extension to look for the login page of the target.

dirb http://target/ -X .php

-X / -x: Append each word with these extensions.

Example 3, Save the output

To save the output in a file, just use this command

dirb http://192.168.1.106/ -o output.txt

-o: Save output to disk

Example 4, Bypassing any errors found

To bypass any errors found while scanning, use the command below.

dirb http://192.168.1.106/ -N 302

-N: Ignore responses with this HTTP code.

Example 5, Adjusting the speed of the scan

You can add a delay between requests to get a deeper, more detailed scan. Below is the command for setting the scan speed; the value given to -z is the delay in milliseconds.

dirb http://192.168.1.106 -z 100

Conclusion

By now you should be familiar with the dirb tool. Check my YouTube video on dirb, where there are more commands and explanations.
