web privacy

dirs3arch – HTTP File & Directory Brute Forcing Tool

July 9, 2014

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   URL target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extensions list separated by comma (Example: php, asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase

  General Settings:
    -r, --recursive     Bruteforce recursively
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    --cookie=COOKIE, --cookie=COOKIE
    --user-agent=USERAGENT, --user-agent=USERAGENT
    --no-follow-redirects, --no-follow-redirects

  Connection Settings:
    --timeout=TIMEOUT, --timeout=TIMEOUT
                        Connection timeout
    --ip=IP, --ip=IP    Destination IP (instead of resolving domain, use this
                        ip)
    --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES, --max-retries=MAXRETRIES

  Reports:
    -o OUTPUTFILE, --output=OUTPUTFILE
    --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:

-h, --help show this help message and exit

Mandatory:

-u URL, --url=URL URL target

-e EXTENSIONS, --extensions=EXTENSIONS

Extensions list separated by comma (Example: php, asp)

Dictionary Settings:

-w WORDLIST, --wordlist=WORDLIST

-l, --lowercase

General Settings:

-r, --recursive Bruteforce recursively

-t THREADSCOUNT, --threads=THREADSCOUNT

Number of Threads

-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES

Exclude status code, separated by comma (example: 301,

500)

--cookie=COOKIE, --cookie=COOKIE

--user-agent=USERAGENT, --user-agent=USERAGENT

--no-follow-redirects, --no-follow-redirects

Connection Settings:

--timeout=TIMEOUT, --timeout=TIMEOUT

Connection timeout

--ip=IP, --ip=IP Destination IP (instead of resolving domain, use this

ip)

--http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY

Http Proxy (example: localhost:8080

--max-retries=MAXRETRIES, --max-retries=MAXRETRIES

Reports:

-o OUTPUTFILE, --output=OUTPUTFILE

--json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

You […]

Buffer

Facebook Introduces OTP (One-time Password) Functionality

October 13, 2010

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot […]

Buffer

PayPal Patches Critical Security Vulnerabilities

April 22, 2010

[ad] PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is […]

Buffer

Google Buzz Patches XSS Flaw In Mobile Version

February 18, 2010

[ad] You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of […]

Buffer

Facebook Bug Leaks Birthday Data

July 17, 2008

[ad] It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy. A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes […]

Buffer

dirs3arch – HTTP File & Directory Brute Forcing Tool

Facebook Introduces OTP (One-time Password) Functionality

PayPal Patches Critical Security Vulnerabilities

Google Buzz Patches XSS Flaw In Mobile Version

Facebook Bug Leaks Birthday Data

Most Viewed Posts

Search

Recent Posts

web privacy

Footer

Most Viewed Posts

Search

Recent Posts

Tags