.png)
1 year ago
85 BOOK THIS SPACE FOR AD
ARTICLE AD“If I had six hours to chop down a tree, I’d spend the first four sharpening the axe” — Abraham Lincoln
Dirb is a tool used to identify hidden directions or content on a website. It is build in with Kali linux
It is developed by The Dark Raver.
A web content scanner is called DIRB. It looks for existing (and/or hidden) Web objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. DIRB comes with a set of pre-configured attack word-lists for easy usage, but you can use your custom word-lists. Also, DIRB sometimes can be used as a classic CGI scanner, but remember, it is a content scanner, not a vulnerability scanner.
DIRB main purpose is to help with professional web application auditing. especially in security related testing and bug bounty programs. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects based on your dictionary (custom or built-in) that other generic CGI scanners can’t look for. It doesn’t search for vulnerabilities, nor does it look for web contents that can be vulnerable.
Refer below link for installation
Step 1: Open a Terminal
Start you Kali linux VM box and open terminal
Step 2: Open Dirb Tool in Terminal
Once the terminal is open, go ahead and type the dirb command. Dirb starts, and below the screen will be shown along with help.
As shown in the above screenshot , DIRB’s syntax is very simple with multiple options. In its simplest form, we only require that you type the command “dirb” followed by the “URL” of the website you are testing.
kali > dirb URL
In its simplest form, DIRB will scan the website looking for 4,612 object types. Let’s try it on our favorite test site from OWASP Broken Web Apps VM,192.168.83.128/mutillidae
Open terminal and type
It’s simplest form, DIRB will scan the website looking for 4,612 object types. Let’s try it on our favorite test site from OWASP Broken Web Apps VM,192.168.83.128/mutillidae
Open terminal and type dirb <target.com>
DIRB begins the scan looking for default dictionary keywords in the website objects.
Once completed, the results will be displayed.
Once scanning is completed, carefully observe the searched URL and try to access the hidden details . We are given one URL with the password words "key words" in the screenshot below. Try visiting in your browser; does it display any information?
Hidden passwords directory is identified in DIRB Scan
Right-click the link to open it in your browser -> open link
Open the accounts.txt text file.
Found hidden password
It shows all customer credentials. DIRB has additional features; for more information, see the help section.
I hope you like the article. Soon I will come up with another post with a new recon tool.
Bengali (Bangladesh) · 
English (United States) ·