provocativo_
back to the arsenal
// arsenal·Web AppSecBeginnerFOSS

Dirb

The classic CLI web content scanner — predecessor of every modern dir-buster.

Web AppSec

$ dirb --help

Dirb

// what it is

Description

Old-school C-based directory brute-forcer that ships in Kali. Slow by modern standards but always available; useful when you need a tool with zero non-stdlib deps.

// use cases

What people use it for

  • Lightweight directory brute-force on tiny VMs

// commands

The commands you'll type

Default common wordlist

$ dirb https://target /usr/share/wordlists/dirb/common.txt

// facts

category
Web AppSec
platforms
LIN
license
FOSS
difficulty
Beginner

// links

// related in Web AppSec

Web AppSecIntermediate

Burp Suite

PortSwigger's intercepting HTTP proxy — the de facto web app testing platform.

Freemium
LIN·WIN·MAC
open entry →
Web AppSecBeginner

OWASP ZAP

The free, OWASP-stewarded alternative to Burp.

FOSS
LIN·WIN·MAC
open entry →
Web AppSecBeginner

Nikto

Loud-but-fast web server scanner — checks for thousands of misconfigurations.

FOSS
LIN·WIN·MAC
open entry →