dirb is a classic, fast, and lightweight web content scanner used in Linux (including Kali Linux) to brute-force and discover hidden directories and files on web servers. It’s commonly used during the reconnaissance and enumeration phase of penetration testing or bug bounty hunting.
⚠️ Note:
dirb is no longer actively maintained (last update ~2015), and modern alternatives like gobuster, ffuf, or dirsearch are preferred for performance and features. However, dirb is still useful for learning and simple tasks.
🔍 What Does dirb Do?
- Sends HTTP requests to a target website using a wordlist of common directory/file names.
- Identifies valid paths based on HTTP response codes (e.g., 200 OK, 301 Redirect, 403 Forbidden).
- Helps uncover:
  - Admin panels (/admin, /wp-admin)
  - Backup files (/backup.zip, /config.bak)
  - Hidden APIs (/api/v1/)
  - Sensitive directories (/logs, /uploads)
Basic Usage
1. Install dirb (if not present)
sudo apt update && sudo apt install dirb -y
2. Basic Scan
dirb http://target.com
→ Uses default wordlist (/usr/share/dirb/wordlists/common.txt).
3. Custom Wordlist
dirb http://target.com /usr/share/wordlists/dirb/big.txt
4. Scan with File Extensions
dirb http://target.com -X .php,.html,.txt
→ Appends extensions to each word (e.g., login.php, config.html).
5. Save Output to File
dirb http://target.com -o scan_results.txt
6. Use Proxy or Custom Headers
dirb http://target.com -p http://127.0.0.1:8080 # via proxy
dirb http://target.com -H "User-Agent: Mozilla/5.0" # custom header
📁 Common Wordlists in Kali
| Path | Description |
|---|---|
| /usr/share/dirb/wordlists/common.txt | Default (900+ entries) |
| /usr/share/dirb/wordlists/vulns/ | Lists for specific vulns (e.g., Apache, IIS) |
| /usr/share/wordlists/dirb/ | Additional lists (small.txt, big.txt, etc.) |
💡 Tip: Combine with seclists for better coverage:
sudo apt install seclists
dirb http://target.com /usr/share/seclists/Discovery/Web-Content/common.txt
Example: Find Admin Panel
dirb http://192.168.1.100 -X .php,.html
Output might reveal:
==> DIRECTORY: http://192.168.1.100/admin/
+ http://192.168.1.100/login.php (CODE:200)
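How a wordlist scan like the one above looks from the server side, as an added example that is not part of the original page: a small Python detector that parses constructed Apache combined-format access log lines and flags any client that sends a burst of mostly-404 requests to many distinct paths inside a short window. The IPs, log lines and thresholds are assumed sample values, not output from dirb or any real server.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined log format (log lines below are constructed samples).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return the fields a scan detector needs, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "path": m.group("path"), "status": int(m.group("status")),
            "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")}

def find_enumeration(lines, window_s=60, min_requests=20, min_404_ratio=0.8):
    """Return {ip: (requests, distinct_paths, 404s)} for the busiest window in which a
    client sent >= min_requests requests with a 404 share >= min_404_ratio."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end, cur in enumerate(recs):
            while (cur["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1  # slide the window so it spans at most window_s seconds
            win = recs[start:end + 1]
            n404 = sum(r["status"] == 404 for r in win)
            if len(win) >= min_requests and n404 / len(win) >= min_404_ratio:
                hit = (len(win), len({r["path"] for r in win}), n404)
                flagged[ip] = max(hit, flagged.get(ip, hit))
    return flagged

def sample_log():
    """Constructed access log: one client walking a wordlist, one ordinary visitor."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 512 "-" "-"'
    words = ["admin", "backup", "cgi-bin", "config", "db", "images", "index.php", "login.php",
             "logs", "old", "phpmyadmin", "private", "robots.txt", "secret", "test", "tmp",
             "uploads", "wp-admin", "wp-login.php", "xmlrpc.php", "api", "dev"]
    hits = {"index.php", "login.php"}  # the only paths that exist on this sample server
    lines = [fmt.format(ip="203.0.113.5", s=i, p="/" + w, c=200 if w in hits else 404)
             for i, w in enumerate(words)]
    lines += [fmt.format(ip="198.51.100.9", s=i, p=p, c=200) for i, p in enumerate(["/", "/index.php", "/about"])]
    return lines
```

On the constructed sample, find_enumeration(sample_log()) returns {'203.0.113.5': (22, 22, 20)} and the ordinary visitor at 198.51.100.9 is not flagged; the same burst-of-404s pattern is what a WAF rule or SIEM query would key on.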
⚠️ Limitations of dirb
| Issue | Explanation |
|---|---|
| No multithreading | Slower than gobuster or ffuf |
| No recursive scanning by default | Must enable with -r (but still limited) |
| No modern features | No rate limiting, JSON output, or advanced filtering |
| Fails on dynamic sites | Struggles with JavaScript-rendered content |
🔁 Modern Alternatives (Recommended)
| Tool | Advantage |
|---|---|
| gobuster | Fast, multi-threaded, supports DNS/vhost scanning |
| ffuf | Extremely flexible, great for fuzzing and API testing |
| dirsearch | Python-based, recursive, handles redirects well |
Example with gobuster (faster):
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
Ethical Reminder
Only scan systems you own or have explicit permission to test. Unauthorized directory brute-forcing may violate laws or terms of service.
Summary
- dirb = Simple, educational tool for basic web directory brute-forcing.
- Use it for: CTFs, labs, or quick checks.
- Avoid it for: Large-scale, professional engagements; opt for ffuf or gobuster instead.
