Dirb: A quick guide


dirb is a command line utility that can be used to scan web directories to find hidden files and directories. It is commonly used by security professionals to perform security assessments of web applications. To use dirb, you would typically run the command dirb [url] [wordlist], where [url] is the URL of the web application you want to scan, and [wordlist] is a list of words that dirb will use to try to discover hidden directories and files. For example, you might run dirb https://example.com /usr/share/dirb/wordlists/common.txt to scan the example.com web application using the common.txt wordlist.



Let's say you have a web application running on your local machine at http://localhost:8080 and you want to scan it for hidden directories and files. First, you would need to have dirb installed on your machine. If you're using Kali Linux, dirb should be installed by default. If you're using another Linux distribution, you may need to install dirb using your package manager (e.g. apt-get install dirb on Ubuntu).

Once you have dirb installed, you can run the following command to scan your web application:



dirb http://localhost:8080 /usr/share/dirb/wordlists/common.txt




This command will scan the http://localhost:8080 web application using the common.txt wordlist, which contains a list of common words that are often used in web directories and file names. As dirb scans the application, it will output any hidden directories or files that it finds, along with their corresponding URLs. For example, you might see output like this:

---- Scanning URL: http://localhost:8080/ ----
==> DIRECTORY: http://localhost:8080/admin/
==> DIRECTORY: http://localhost:8080/docs/
==> FILE: http://localhost:8080/hidden.txt


This output shows that dirb has discovered two hidden directories (/admin/ and /docs/) and one hidden file (/hidden.txt). You can then use this information to explore these hidden directories and files and assess their security.
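The same scan looks very different from the server's side: a wordlist run produces a burst of requests for names that mostly do not exist, so a web server log shows one client with an unusually high share of 404s in a short window. As an added example that is not part of the original post, the Python below flags such clients in Apache/nginx combined-format access logs. The log lines, the client addresses and the thresholds (10 distinct 404s at an 80% miss rate within 60 seconds) are constructed assumptions for illustration, not values from dirb or the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Return (ip, timestamp, path, status) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_bruteforce_sources(lines, window=timedelta(seconds=60), min_404=10, min_ratio=0.8):
    """Map client IP -> peak number of distinct 404'd paths inside any `window` in which
    404s were at least `min_ratio` of that client's requests (a scan misses far more than it hits)."""
    by_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, path, status = parsed
            by_ip[ip].append((ts, path, status))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over time-ordered requests
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            missing = {p for _, p, s in span if s == 404}
            if len(missing) >= min_404 and len(missing) / len(span) >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(missing))
    return flagged

# Constructed sample: one client walking a wordlist (mostly 404s, two hits), one normal visitor.
SCAN_PATHS = ["/admin/", "/backup/", "/cgi-bin/", "/config/", "/db/", "/dev/", "/docs/",
              "/hidden.txt", "/logs/", "/old/", "/test/", "/tmp/", "/uploads/"]
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET {p} HTTP/1.1" '
    f'{200 if p in ("/admin/", "/docs/") else 404} 153 "-" "Mozilla/5.0"'
    for i, p in enumerate(SCAN_PATHS)
] + [
    '198.51.100.7 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:09 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:15 +0000] "GET /logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]
```

On the sample above, `find_bruteforce_sources(SAMPLE_LOG)` returns only the scanning client, with the normal visitor's single broken link ignored because it never reaches the count or ratio threshold.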



