Description

This plugin finds directories on a web server by brute-forcing their names using a wordlist. Given the large amount of time that this plugin can consume, by default, it will only try to identify directories in the web root (“/”), ignoring the path that is sent as its input. Two configurable parameters exist:

  • wordlist: The wordlist to be used in the directory bruteforce process.
  • be_recursive: If set to True, this plugin will bruteforce all
  • directories, not only the root directory.

Plugin type

Crawl

Options

Name Type Default Value Description Help
wordlist input_file plugins/crawl/dir_bruter/common_dirs_small.db Wordlist to use in directory bruteforcing process. No detailed help available
be_recursive boolean True If set to True, this plugin will bruteforce all directories, not only the root directory. WARNING: Enabling this will make the plugin send LOTS of requests.

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
github-logoPlugin source code
Unittest source code

Dependencies

This plugin has no dependencies.