DIRB
Introduction to DIRB:
In the field of cybersecurity and ethical hacking, one of the most important jobs during the reconnaissance phase is identifying hidden web content and directories that are not publicly linked on a website. This information is used by attackers and penetration testers to identify potential attack vectors. DIRB is a tool that was specifically built for this purpose. DIRB stands for "Directory Buster," a command-line tool for web application security testing. It is a useful tool for brute-forcing or enumerating web server directories and files, allowing you to discover hidden or unlisted material. This information can help detect security flaws, sensitive files, or folders that are accessible but not meant to be public.
DIRB is commonly used by both attackers and defenders in the cybersecurity field. DIRB uses a predetermined wordlist to brute-force a web server, looking for any directories or files that exist but are not linked from the site. This approach aids in identifying resources that could pose a security concern.
1.) What is DIRB?
DIRB is basically a web content scanner. It accepts a URL as input and uses a wordlist (a list of common directory and file names) to look for hidden directories and files on the web server. If the server returns a status code indicating that the directory or file exists, DIRB will log the information. It is frequently used during the information-gathering stage of a penetration test. For example, many websites have files like robots.txt or admin/ folders that are not shown in the site's navigation but can still be accessed. DIRB assists testers in identifying resources that are possibly vulnerable to attacks.
2.) How DIRB Works
DIRB uses brute-force attacks against the web server, which entail sending a high number of requests in fast succession. It employs a technique known as wordlist-based directory brute-forcing, in which the program iterates through every potential directory or file name from a wordlist and appends it to the target URL.
Example of how DIRB works:
A simple example: if you're scanning http://example.com/, DIRB may append directory names from its wordlist like /admin/, /login/, /backup/, and so on, and send requests to see whether they exist on the server.
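Seen from the server side, the behaviour described above leaves a recognizable trace: one client requesting many different paths in quick succession, most of them answered with 404. The following is an added example, not part of the original article, that flags that pattern in Common Log Format lines; the log lines, addresses, thresholds and function names are constructed for illustration, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Common Log Format: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def build_sample_log():
    """Constructed log: one client walking a wordlist, one ordinary visitor."""
    names = ["admin", "login", "backup", "cgi-bin", "config",
             "test", "old", "tmp", "images", "robots.txt"]
    lines = []
    for i, name in enumerate(names):          # five requests per second
        status = 200 if name in ("images", "robots.txt") else 404
        lines.append(f'203.0.113.7 - - [10/Mar/2024:10:00:{i // 5:02d} +0000] '
                     f'"GET /{name} HTTP/1.1" {status} 153')
    for i, path in enumerate(["/", "/about", "/missing"]):  # one per minute
        status = 404 if path == "/missing" else 200
        lines.append(f'198.51.100.20 - - [10/Mar/2024:10:0{i}:00 +0000] '
                     f'"GET {path} HTTP/1.1" {status} 512')
    return "\n".join(lines)

def find_enumeration(log_text, window_s=10, min_paths=8, min_404_ratio=0.7):
    """Return {ip: (requests, not_found)} for clients that requested at least
    min_paths distinct paths inside one window with mostly 404 answers."""
    recent = defaultdict(deque)               # ip -> (time, path, status)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # skip lines in another format
        ip, stamp, _method, path, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append((when, path, int(status)))
        while when - window[0][0] > timedelta(seconds=window_s):
            window.popleft()                  # drop requests older than window
        paths = {p for _, p, _ in window}
        misses = sum(1 for _, _, s in window if s == 404)
        if len(paths) >= min_paths and misses / len(window) >= min_404_ratio:
            if len(window) > flagged.get(ip, (0, 0))[0]:
                flagged[ip] = (len(window), misses)
    return flagged

if __name__ == "__main__":
    for ip, (total, misses) in find_enumeration(build_sample_log()).items():
        print(f"{ip}: {total} requests in window, {misses} returned 404")
```

A scan that is deliberately slowed down spreads its requests over a longer period, so the window and thresholds need tuning against the traffic a site normally sees.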
3.) Features of DIRB
DIRB has a number of qualities that make it an effective tool for web content discovery:
Prepared Wordlists: DIRB has many prepared wordlists that contain thousands of possible directory and file names. You can also tailor the wordlist to the exact target.
Recursive Search: DIRB can perform recursive searches, meaning that if it finds a directory, it can continue scanning within that directory for more hidden files or subdirectories.
Proxy Support: DIRB supports proxy connections, which allows users to route their traffic through a proxy server for anonymity or to bypass network restrictions.
Customizable Extensions: You can expand the search to specific file types by specifying file extensions such as .php, .html, .txt, and so on.
DIRB integrates readily with other tools, such as vulnerability scanners, to improve web application testing procedures.
Installation of Dirb on Kali Linux
Dirb is generally pre-installed in Kali Linux; however, if you are using a different Linux distro than Kali Linux, run the following command in the terminal (Command Line Interface):
sudo apt-get install dirb
After running the aforementioned command, the output will be similar to the screenshot below.
Usage of Dirb
Example 1: Scanning single domain
Once installed, you can use Dirb by opening a terminal window and executing the following command:
For each request, the results list includes the response code as well as the file size. In addition, when dirb finds a folder it starts inspecting that folder's files and reports those that return the response code 200. It uses the wordlist to search all folders and displays the results.
To scan a target with a different wordlist, simply use the following command:
dirb http://www.google.com wordlist.txt
If the wordlist is in a different directory, you can specify its path rather than the bare filename.
Example 2: Using multiple wordlists
The approach above uses the default wordlist file, common.txt, but we can change this and use a different wordlist for directory enumeration. To see all of the available wordlists, run the following commands.
cd /usr/share/wordlists/dirb && ls -la
cd /usr/share/wordlists/dirb/vulns && ls -la
The following screenshots show the output:
Dirb can be used to search for vulnerable elements of specific web technologies. Each web technology has its own set of weaknesses; they are not all alike. Dirb can help us look for technology-specific vulnerabilities, using the customized wordlists that Kali ships for these sensitive and commonly used technologies. The wordlists shown in the screenshots above can be chosen according to the type of target.
As you can see above, there are several wordlist files, one for each technology to test. If you want to test your Apache web server, use apache.txt.
Example 3: Default Working
By default, Dirb uses common.txt as a wordlist, which can be found in the directory listed below.
/usr/share/wordlists/dirb
There is no need to mention the default wordlist while using Dirb in its default mode. Dirb can be used in its default mode by using the following snippet:
Example 4: Saving Output to a file
We save the results of the dirb scan to a file for record keeping, better reading, and future reference. To accomplish this, we will utilize the dirb scan option -o, which allows us to store the results to a text file.
dirb http://google.com -o results.txt
When the -o switch is used, the output is saved to the results.txt file. Let's check on that file.
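Once the results are in a file, they can be parsed and ordered for review instead of being read by eye. The following is an added example, not part of the original article; it assumes the layout dirb normally writes (a "+ URL (CODE:nnn|SIZE:n)" line per hit and a "==> DIRECTORY: URL" line per directory), and the sample content, function names and the list of risky suffixes are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout dirb usually writes (assumed, see lead-in).
SAMPLE_RESULTS = """\
---- Scanning URL: http://example.com/ ----
==> DIRECTORY: http://example.com/admin/
+ http://example.com/index.php (CODE:200|SIZE:4521)
+ http://example.com/login (CODE:302|SIZE:0)
+ http://example.com/server-status (CODE:403|SIZE:277)
---- Entering directory: http://example.com/admin/ ----
+ http://example.com/admin/backup.zip (CODE:200|SIZE:1048576)
"""

HIT_RE = re.compile(r"^\+ (\S+) \(CODE:(\d{3})\|SIZE:(\d+)\)\s*$")
DIR_RE = re.compile(r"^==> DIRECTORY: (\S+)\s*$")

def parse_dirb_results(text):
    """Return (directories, hits); hits maps status code -> [(url, size)]."""
    directories, hits = [], defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if (m := DIR_RE.match(line)):
            directories.append(m.group(1))
        elif (m := HIT_RE.match(line)):
            url, code, size = m.groups()
            hits[int(code)].append((url, int(size)))
    return directories, dict(hits)

def review_queue(hits, risky_suffixes=(".zip", ".bak", ".sql", ".old", ".txt")):
    """Order findings for a human: readable files with risky suffixes first,
    then other 200s, then 403s (present but access-controlled)."""
    readable = hits.get(200, [])
    first = [u for u, _ in readable if u.lower().endswith(risky_suffixes)]
    rest = [u for u, _ in readable if u not in first]
    return first + rest + [u for u, _ in hits.get(403, [])]

if __name__ == "__main__":
    dirs, hits = parse_dirb_results(SAMPLE_RESULTS)
    print("directories:", dirs)
    for url in review_queue(hits):
        print("review:", url)
```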
Example 5: Limiting enumeration with specific extensions
The -X option of the dirb scan is useful in situations where we want to find entries on the target server with a specific suffix. This option accepts a file extension and checks the target server for files with that extension.
dirb http://example.com -X .php
Example 6: Ignoring specific status codes
The Status-Code element is a three-digit integer, with the first digit indicating the response class and the last two digits serving no classification purpose. In this scan, we use the -N option with code 302, as illustrated below. The -N flag takes the status code whose responses should be ignored.
dirb http://example.com -N 302
Example 7: Speed Delaying
Some environments cannot handle the flood of requests caused by a dirb scan, so in these environments it is crucial to slow the scan down. The dirb scan's -z option makes this simple to accomplish. The duration is given in milliseconds for this parameter. In the sample below we give dirb a delay of 100.
dirb http://google.com -z 100
As previously stated, it will delay by 100 milliseconds.
Example 8: Without recursiveness
By default, the dirb search goes across all folders: it scans a path and then descends into it to find further subdirectories. However, in cases where there is insufficient time, we can set dirb to not search recursively. The -r option can be used to do this.
The result will be something like this:
Example 9: Showing non-existing pages
An HTTP response code of 404 indicates that a website's server was unable to find the page you were trying to access. Individual websites often customize their 404 Not Found pages. In some circumstances, we also need to see the 404 pages, which dirb ignores by default. We'll use the -v option to show those pages.
It will display the output in verbose mode, which means it will show all of the requests that dirb is making to the target page.
Example 10: HTTP AUTHORIZATION (-u user:pass)
The 401 status code and the WWW-Authenticate response header serve as the cornerstone for all HTTP authentication procedures. The most commonly used HTTP authentication scheme is Basic. The client sends the user name and password as base64-encoded plaintext. To scan a target that uses this form of authentication, we pass the credentials to dirb as shown below.
dirb http://google.com/login.php -u test:test
The target URL now returns status code 200 for the test:test credentials, meaning they were accepted.