DIRB is a Web Content Scanner. It looks for existing and/or hidden Web Objects. It basically works by launching a dictionary based attack against a web server and analizing the response.
DIRB comes with a set of preconfigured attack wordlists for easy usage but you can use your custom wordlists. Also DIRB sometimes can be used as a classic CGI scanner, but remember is a content scanner not a vulnerability scanner. We need to figure the vulnerability out and run the test manually.
How does DIRB work?
URL Bruteforcer It looks for hidden Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. DIRB main purpose is to help in web application auditing.
DIRB main purpose is to help in professional web application auditing. Specially in security related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.
This tool will only ease your work if you have conducted lots of audits on web applications or you have many experience do that . As looking at the result we need to conclude weather it is vulnerable or not.
Operating systems supported:
Windows XP sp2 and above 32 bit
*nix systems
Download DIRB here
Searches leading to this post:
dirb
If you enjoyed this article, you might also like:
- August 30, 2010 -- UPDATE: Skipfish-1.62b!
Skipfish has been updated yet again! The latest release is Skipfish-1.62b! “Skipfish is a fully aut... - August 26, 2010 -- WebAppTools : Tools for web servers and web applications testing.
The complex of programs and the knowledge base for the vulnerability analysis of the implementations... - August 20, 2010 -- UPDATE: XSSer v0.7a!
All of you web application penetration testers, check out this release of XSSer version 0.7a, for i... - August 16, 2010 -- UPDATE: Websecurify 0.7!
Good news for Websecurify lovers, as we have an updated Websecurify version 0.7 amongst us finally! ... - August 13, 2010 -- DOMTracer – Firefox Plugin for Trace DOM and JavaScript Calls
DOMTracer the DOM as seen in all the aforementioned cases needs to be analyzed in many aspects. Run-... - August 9, 2010 -- UPDATE: Skipfish-1.55b!
Skipfish has been updated yet again! The latest release is Skipfish-1.55b! “Skipfish is a fully aut... - August 9, 2010 -- UPDATE: Websecurify 0.7RC2!
Right on time this time! We have an updated Websecurify version 0.7RC2 amongst us now!“Websecu... - August 3, 2010 -- UPDATE: Websecurify 0.7RC1!
Also, pretty late with this one (almost 6 days!), but here it is - we have an updated Websecurify ve... - July 27, 2010 -- PuzlBox: A PHP Fuzz Tool that Scans for Different Vulnerabilities!
PuzlBox is a PHP fuzz tool that scans for several different vulnerabilities by performing dynamic pr...
Tagged as: Bruteforce, content filtering, DIRB, FastCGI, Web Application Scanner
You must log in to post a comment.