DIRB

Content Scanner

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the responses.

DIRB comes with a set of preconfigured attack wordlists for easy usage, but you can also use your own custom wordlists. DIRB can sometimes be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.

DIRB’s main purpose is to help in professional web application auditing, especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search for vulnerabilities, nor does it look for web contents that can be vulnerable.


DOWNLOADS

No Official Website

SYSTEM REQUIREMENTS

RAM : Minimum 512 MB (2 GB recommended).

Storage : Minimum 100 MB of device storage.

OS : Linux, Windows, and macOS

Architecture : Any

Available On : PC


ADDITIONAL INFORMATION

Published By

The Dark Raver (Developer)

Release Date

April 27, 2005

Approximate Size

1.43 MB for Archives

Publisher Info

Created by Ramon Pinuaga

Supported Languages

English

Last Update

November 20, 2014 (version 2.22)

Programming Language

Written in C

Operating System

Cross-platform

License

GNU General Public License (GPL)

  1. Dictionary-based Attack : Dirb launches a dictionary-based attack against a web server by scanning for existing (and/or hidden) web objects.
  2. Customizable Wordlists : Dirb supports custom wordlists, allowing you to use specific dictionaries that are more relevant to your target web technology.
  3. Included in Kali Linux : Dirb is included with Kali Linux, making it easily accessible for penetration testers.
  4. Analyzing Responses : Dirb analyzes the server responses to identify any vulnerable objects in the web application.
  5. Versatile : Dirb can be used to test for specific vulnerable objects within specific types of web technologies, as each web technology has different vulnerabilities.

  1. It features an internal word list file with roughly 4000 words for brute force attacks.
  2. There are many updated wordlists accessible on the internet that may be utilized as well.
  3. Dirb scans every directory or object of a website or server for the terms in its wordlist.
  4. The object being scanned for might be an admin panel or a subfolder.
  5. The trick is to locate the things, which are usually hidden.

  • Finding Hidden Directories & Files : Dirb scans web servers to uncover hidden files, directories, and pages that might not be linked publicly.
  • Brute Force Attacks : It uses wordlists to brute-force directories and files, helping security professionals identify vulnerabilities.
  • Web Enumeration : Dirb helps in web enumeration, allowing testers to discover unlinked pages that could be potential security risks.
  • Security Assessments : It assists in bug bounty programs and real-world security assessments by identifying sensitive directories that should be protected.
  • Testing Web Servers : Dirb can be used to check for admin panels, backup files, and configuration files that might be exposed.

Basic Syntax
  1. The basic syntax for using Dirb is : dirb <url_base> [<wordlist_file(s)>] [options]
  2. Replace <url_base> with the URL of the website you want to scan. Wordlist files and options follow the URL.
Options

Here are some common options used with Dirb :

  • -w : Don't stop on WARNING messages. Recursive scanning is the default behavior and needs no option.
  • -r : Non-recursive scan (only scan the first-level directories).
  • -z delay : Introduce a delay (in milliseconds) between requests.
  • -S : Silent mode (hide the display of sent requests and only show found items).
  • -X extensions : Specify a list of comma-separated extensions to scan for.
  • -x file : Specify the path to a text file containing a list of extensions to use.
  • -o output file : Save the output to a text file.

Examples
  1. Basic Scan : dirb http://webscantest.com
     This will perform a recursive scan of the website using the default wordlist.
  2. Non-Recursive Scan : dirb http://webscantest.com -r
     This will only scan the first-level directories and not recurse into subdirectories.
  3. Delay Between Requests : dirb http://webscantest.com -z 1000
     This will introduce a 1-second delay between requests to throttle the scan and avoid triggering web application firewalls.
  4. Scan for Specific Extensions : dirb http://webscantest.com -X ".php,.bak"
     This will scan for files with the .php and .bak extensions.
  5. Save Output to File : dirb http://webscantest.com -x extensions.txt -o dirb_output.txt
     This will scan for files with extensions specified in extensions.txt and save the output to dirb_output.txt.

Using Dirb with Kali Linux

Dirb is pre-installed in Kali Linux, so you can access it directly from the terminal. Simply open a terminal and type dirb followed by the options and target URL.

Wordlists

Dirb comes with several preconfigured wordlists, including common.txt, small.txt, and medium.txt. You can also use external wordlists like Daniel Miessler’s SecLists. To specify a custom wordlist, pass the path to the wordlist file as an argument after the target URL (the -x option takes a file of extensions, not a wordlist).

Tips and Limitations
  1. Dirb is a content scanner, not a vulnerability scanner. It doesn’t search for vulnerabilities or web contents that can be vulnerable.
  2. Be cautious when using Dirb, as it can potentially overwhelm web servers or trigger web application firewalls.
  3. Dirb is great for getting started with web app fuzzing, but FFUF is a more advanced and faster tool.
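
From the defender's side, the dictionary-based requests described above leave a recognizable trace in web server access logs: one client asking for many distinct paths, most of which return 404. The following is an added example, not part of DIRB or of the original page; the log lines, thresholds and function names are constructed for illustration. It counts distinct missed paths rather than request rate, so a scan slowed with a delay between requests is still flagged.

```python
import re
from collections import defaultdict

# Common Log Format: client, two ids, [timestamp], "METHOD path proto", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def build_sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    words = ["admin", "backup", "cgi-bin", "config", "db",
             "images", "login", "old", "test", "tmp"]
    lines = []
    for i, word in enumerate(words):  # scanner-like client, one request per second
        status = 200 if word in ("images", "login") else 404
        lines.append(f'203.0.113.7 - - [10/Mar/2025:10:00:{i:02d} +0000] '
                     f'"GET /{word} HTTP/1.1" {status} 153')
    for path, status in [("/", 200), ("/images/logo.png", 200),
                         ("/favicon.ico", 404), ("/login", 200)]:  # ordinary visitor
        lines.append(f'198.51.100.20 - - [10/Mar/2025:10:01:00 +0000] '
                     f'"GET {path} HTTP/1.1" {status} 512')
    return lines

def find_content_scanners(log_lines, min_requests=8, min_miss_ratio=0.7):
    """Return clients whose requests are mostly distinct 404 paths."""
    stats = defaultdict(lambda: {"total": 0, "missed": set(), "found": set()})
    for line in log_lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # ignore lines that are not in the expected format
        client, _method, path, status = match.groups()
        entry = stats[client]
        entry["total"] += 1
        if status == "404":
            entry["missed"].add(path)
        elif status[0] in "23" or status in ("401", "403"):
            entry["found"].add(path)  # object exists, even if access is denied
    findings = {}
    for client, entry in stats.items():
        ratio = len(entry["missed"]) / entry["total"]
        if entry["total"] >= min_requests and ratio >= min_miss_ratio:
            # "found" lists what the scan uncovered: review these paths first
            findings[client] = {"miss_ratio": round(ratio, 2),
                                "found": sorted(entry["found"])}
    return findings

if __name__ == "__main__":
    print(find_content_scanners(build_sample_log()))
```

The "found" list in each finding is the part to act on: those are the paths the scan confirmed exist, so they are the ones to check for unintended exposure.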

  • libc6
  • libcurl4

Terminal Installation Commands ...

$ sudo apt-get update

$ sudo apt-get install dirb

$ sudo apt -y install dirb


GUI Installation Steps ...
Linux
  • Update the package database : sudo apt-get update
  • Install Dirb using apt-get : sudo apt-get -y install dirb
Windows
  • Download Dirb from SourceForge or other trusted sources.
  • Extract the downloaded files and follow the installation instructions provided.
MacOS
  • Download Dirb from SourceForge or use Homebrew : brew install dirb
  • Alternatively, manually install :
    • Download the tar file.
    • Extract it using : tar -xvf dirb222.tar.gz
    • Navigate to the extracted folder and run :

      $ ./configure

      $ make

      $ make install

Terminal Uninstallation Commands ...

$ sudo apt remove dirb

$ sudo apt autoclean && sudo apt autoremove


GUI Uninstallation Steps ...
Linux
  • Remove Dirb : sudo apt-get remove dirb
  • To remove Dirb and its dependencies : sudo apt-get -y autoremove dirb
  • To purge Dirb configurations and data : sudo apt-get -y purge dirb
  • To remove Dirb configurations, data, and dependencies : sudo apt-get -y autoremove --purge dirb
Windows
  • Use the "Add or Remove Programs" feature in the Control Panel :
    • Open Control Panel > Programs > Programs and Features.
    • Select Dirb and click "Uninstall."
  • Alternatively, use the Program Install and Uninstall Troubleshooter for issues during uninstallation.
MacOS
  • If installed via Homebrew : brew uninstall dirb
  • For manual installations :
    • Remove the Dirb directory and associated files.

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.
