DIRB是一个Web内容扫描。它看起来对现有(和/或隐藏)的Web对象。它主要的工作原理是发动了对Web服务器的基于字典的攻击和分析的响应。 DIRB带有易于使用的一组预配置的攻击生词,但你可以用你自定义的词表。此外DIRB有时可以作为一个典型的CGI扫描器,但要记住是一个内容扫描仪没有漏洞扫描器。 DIRB主要目的是在专业的Web应用程序的审核帮助。特别是在与安全相关的测试。它没有涵盖的经典网页漏洞扫描器一些漏洞。 DIRB寻找其他通用CGI扫描器无法查找特定的Web对象。它不搜索的漏洞,也没有寻找网页内容,可以vulnerables。 资料来源:http://dirb.sourceforge.net/about.html

DIRB首页 | 卡利DIRB回购

  • 作者:黑暗王之王
  • 许可:GPL第二版

    0x01 包含在DIRB软件包工具

    DIRB - 一个网页内容扫描仪 ```bash

    :~# dirb

DIRB v2.21

By The Dark Raver

./dirb [] [options] ========================= NOTES ========================= : Base URL to scan. (Use -resume for session resuming) : List of wordfiles. (wordfile1,wordfile2,wordfile3...) ======================== HOTKEYS ======================== 'n' -> Go to next directory. 'q' -> Stop scan. (Saving state for resume) 'r' -> Remaining scan stats. ======================== OPTIONS ======================== -a : Specify your custom USER_AGENT. -c : Set a cookie for the HTTP request. -f : Fine tunning of NOT_FOUND (404) detection. -H : Add a custom header to the HTTP request. -i : Use case-insensitive search. -l : Print "Location" header when found. -N : Ignore responses with this HTTP code. -o : Save output to disk. -p : Use this proxy. (Default port is 1080) -P : Proxy Authentication. -r : Don't search recursively. -R : Interactive recursion. (Asks for each directory) -S : Silent Mode. Don't show tested words. (For dumb terminals) -t : Don't force an ending '/' on URLs. -u : HTTP Authentication. -v : Show also NOT_FOUND pages. -w : Don't stop on WARNING messages. -X / -x : Append each word with this extensions. -z : Add a miliseconds delay to not cause excessive Flood. ======================== EXAMPLES ======================= ./dirb http://url/directory/ (Simple Test) ./dirb http://url/ -X .html (Test files with '.html' extension) ./dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist) ./dirb https://secure_url/ (Simple Test with SSL)

## 0x02  html2dic - 生成HTML页面字典

 :~# html2dic
Uso: ./html2dic <file>

0x03 gendict - 发电机的自定义词典

 :~# gendict
Usage: gendict -type pattern
  type: -n numeric [0-9]
        -c character [a-z]
        -C uppercase character [A-Z]
        -h hexa [0-f]
        -a alfanumeric [0-9a-z]
        -s case sensitive alfanumeric [0-9a-zA-Z]
  pattern: Must be an ascii string in which every 'X' character wildcard
           will be replaced with the incremental value.
Example: gendict -n thisword_X

0x04 DIRB用法示例

扫描Web服务器 利用字典文件 (/usr/share/wordlists/dirb/common.txt) 目录:

 :~# dirb /usr/share/wordlists/dirb/common.txt 
DIRB v2.21    
By The Dark Raver
START_TIME: Fri May 16 13:41:45 2014
WORDLIST_FILES: /usr/share/wordlists/dirb/common.txt
GENERATED WORDS: 4592                                                          
---- Scanning URL: ----
==> DIRECTORY:                                                                                                                               
+ (CODE:200|SIZE:2726)                                                                                                                
+ (CODE:403|SIZE:1122)                                                                                                                    
==> DIRECTORY:                                                                                                                             
==> DIRECTORY:                                                                                                                               


results matching ""

    No results matching ""