Dirs3arch v0.3.0 – HTTP(S) Directory/File Brute Forcer


dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites.
It’s written in python3 3 and all thirdparty libraries are included.

Operating Systems supported
  • Windows XP/7/8
  • GNU/Linux
  • MacOSX
  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|–extensions asp,php)
  • Reporting (plain text, JSON)
  • Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc).
  • Recursive brute forcing
  • HTTP(S) proxy support
  • Batch processing (-L)


  • Scan http://www.example.com/admin/ to find php files:
    python3 dirs3arch.py -u http://www.example.com/admin/ -e php
  • Scan http://www.example.com to find asp and aspx files with SSL:
    python3 dirs3arch.py -u https://www.example.com/ -e asp,aspx
  • Scan http://www.example.com with an alternative dictionary (from DirBuster):
    python3 dirs3arch.py -u http://www.example.com/ -e php -w db/dirbuster/directory-list-2.3-small.txt
  • Scan with HTTP proxy (localhost port 8080):
    python3 dirs3arch.py -u http://www.example.com/admin/ -e php --http-proxy localhost:8080
  • Scan with custom User-Agent and custom header (Referer):
    python3 dirs3arch.py -u http://www.example.com/admin/ -e php --user-agent "My User-Agent" --header "Referer: www.google.com"
  • Scan recursively:
    python3 dirs3arch.py -u http://www.example.com/admin/ -e php -r
  • Scan recursively excluding server-status directory and 200 status codes:
    python3 dirs3arch.py -u http://www.example.com/ -e php -r --exclude-subdir "server-status" --exclude-status 200
  • Scan includes, classes directories in /admin/
    python3 dirs3arch.py -u http://www.example.com/admin/ -e php --scan-subdir "includes, classes"
  • Scan without following HTTP redirects:
    python3 dirs3arch.py -u http://www.example.com/ -e php --no-follow-redirects
  • Scan VHOST “backend” at IP
    python3 dirs3arch.py -u http://backend/ --ip
  • Scan www.example.com to find wordpress plugins:
    python3 dirs3arch.py -u http://www.example.com/wordpress/wp-content/plugins/ -e php -w db/wordpress/plugins.txt
  • Batch processing:
    python3 dirs3arch.py -L urllist.txt -e php


Thirdparty code
  • colorama
  • oset
  • urllib3
  • sqlmap
  • 0.3.0 – 2015.2.5 Fixed issue3, fixed timeout exception, ported to python33, other bugfixes
  • 0.2.7 – 2014.11.21 Added Url List feature (-L). Changed output. Minor Fixes
  • 0.2.6 – 2014.9.12 Fixed bug when dictionary size is greater than threads count. Fixed URL encoding bug (issue2).
  • 0.2.5 – 2014.9.2 Shows Content-Length in output and reports, added default.conf file (for setting defaults) and report auto save feature added.
  • 0.2.4 – 2014.7.17 Added Windows support, –scan-subdir|–scan-subdirs argument added, –exclude-subdir|–exclude-subdirs added, –header argument added, dirbuster dictionaries added, fixed some concurrency bugs, MVC refactoring
  • 0.2.3 – 2014.7.7 Fixed some bugs, minor refactorings, exclude status switch, “pause/next directory” feature, changed help structure, expaded default dictionary
  • 0.2.2 – 2014.7.2 Fixed some bugs, showing percentage of tested paths and added report generation feature
  • 0.2.1 – 2014.5.1 Fixed some bugs and added recursive option
  • 0.2.0 – 2014.1.31 Initial public release

Trả lời

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Đăng xuất /  Thay đổi )

Google photo

Bạn đang bình luận bằng tài khoản Google Đăng xuất /  Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Đăng xuất /  Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Đăng xuất /  Thay đổi )

Connecting to %s