Description
This plugin finds directories on a web server by brute-forcing their names using a wordlist. Given the large amount of time that this plugin can consume, by default, it will only try to identify directories in the web root (“/”), ignoring the path that is sent as its input. Two configurable parameters exist:
- wordlist: The wordlist to be used in the directory bruteforce process.
- be_recursive: If set to True, this plugin will bruteforce all
directories, not only the root directory.
Plugin type
Options
Name | Type | Default Value | Description | Help |
wordlist | input_file | plugins/crawl/dir_bruter/common_dirs_small.db | Wordlist to use in directory bruteforcing process. | No detailed help available |
be_recursive | boolean | True | If set to True, this plugin will bruteforce all directories, not only the root directory. | WARNING: Enabling this will make the plugin send LOTS of requests. |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.