
Linux command

dirb command

Network

After copying, replace file names, directories, or parameters as needed.

Common examples

Scan a webserver using the default wordlist

dirb [https://example.org]

Scan using a custom wordlist

dirb [https://example.org] [path/to/wordlist.txt]

Scan non-recursively

dirb [https://example.org] -r

Scan with authentication

dirb [https://example.org] -u [admin:password]

Scan with specific file extensions

dirb [https://example.org] -X [.php,.html,.txt]

Save results to a file

dirb [https://example.org] -o [results.txt]

Description

dirb is a web content scanner that discovers existing and hidden web objects by launching dictionary-based attacks against a web server and analyzing the responses. It is commonly used in penetration testing to find unlinked content, backup files, configuration files, and administrative interfaces. DIRB ships with several built-in wordlists located in `/usr/share/dirb/wordlists/`.
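
A dictionary scan like the one described above requests many distinct paths, most of which do not exist, so it stands out in server access logs. The following detection sketch is an added example, not part of dirb or of the original page; it assumes combined-format access logs, and the function names, thresholds and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag clients whose requests look like a dictionary scan.
# Assumes combined-format access logs; thresholds are illustrative.

# detect_dict_scan LOG [MIN_PATHS] [MIN_404_PCT]
# Prints "client requests distinct_paths pct_404" for each flagged client.
detect_dict_scan() {
  awk -v min_paths="${2:-20}" -v min_pct="${3:-80}" '
    {
      client = $1; path = $7; status = $9   # combined log format fields
      sub(/\?.*/, "", path)                 # ignore query strings
      total[client]++
      if (status == 404) missing[client]++
      if (!((client, path) in seen)) { seen[client, path] = 1; paths[client]++ }
    }
    END {
      for (c in total) {
        pct = int(100 * missing[c] / total[c])
        # Many distinct paths, nearly all missing: wordlist-style behaviour
        if (paths[c] >= min_paths && pct >= min_pct)
          printf "%s %d %d %d\n", c, total[c], paths[c], pct
      }
    }' "$1" | sort
}

# Constructed sample log: one wordlist-style client, one ordinary visitor.
write_sample_log() {
  ts='[10/Oct/2024:13:55:36 +0000]'
  for word in admin backup cgi-bin config css db dev docs files images \
              img include js lib login logs old phpmyadmin private secret \
              stats temp test tmp upload; do
    case $word in admin|images) status=200 ;; *) status=404 ;; esac
    printf '198.51.100.23 - - %s "GET /%s HTTP/1.1" %s 153 "-" "sample-scanner"\n' \
      "$ts" "$word" "$status"
  done
  for path in / /index.html /about /favicon.ico /index.html; do
    case $path in /favicon.ico) status=404 ;; *) status=200 ;; esac
    printf '192.0.2.10 - - %s "GET %s HTTP/1.1" %s 512 "-" "sample-browser"\n' \
      "$ts" "$path" "$status"
  done
}

log=$(mktemp)
write_sample_log > "$log"
detect_dict_scan "$log"
rm -f "$log"
```

Only the client that requested 25 distinct paths with a 92% miss rate is reported; the ordinary visitor with a single missing favicon is not.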

Parameters

-a _agent_
Custom User-Agent string.
-b
Don't squash or merge sequences of /../ or /./ in the given URL.
-c _cookie_
Set a cookie for HTTP requests.
-E _certfile_
Use the specified client certificate file.
-f
Fine-tune NOT_FOUND (404) detection.
-H _header_
Add a custom header to the HTTP request.
-i
Use case-insensitive search.
-l
Print "Location" header when found.
-N _code_
Ignore responses with this HTTP code.
-o _file_
Save output to disk.
-p _proxy:port_
Use this proxy (default port: 1080).
-P _user:pass_
Proxy authentication.
-r
Don't search recursively.
-R
Interactive recursion (ask which directories to scan).
-S
Silent mode (don't show tested words).
-t
Don't force an ending '/' on URLs.
-u _user:pass_
HTTP authentication username and password.
-v
Also show non-existent pages.
-w
Don't stop on WARNING messages.
-x _extfile_
Amplify search with extensions from this file.
-X _extensions_
Amplify search with these extensions (e.g., ".php,.html").
-z _ms_
Add delay in milliseconds between requests.

FAQ

How do I run a basic dirb example?

Run `dirb [https://example.org]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
