DIRB
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response. DIRB main purpose is to help in professional web application auditing. It works by launching a dictionary based attack against a web server and analysing the responses.
The tool “Dirb” is in-built in Kali Linux, therefore, Open the terminal and type following command to start brute force directory attack.
The main purpose is to help in professional web application auditing. Especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.
Using Dirb:
Step 1 — Open Terminal
Step 2 — Start Dirb
Once we have a terminal open, go ahead and type dirb to get the help screen.
Kali:- dirb
Testing for Special Vulnerable list
We can use DIRB to test for specific vulnerable objects within specific types of web technologies. Each web technology has different vulnerabilities. They are NOT all the same. DIRB can help us look for specific vulnerable objects specific to the particular technology.
In terminal:
cd /usr/share/wordlists/dirb
ls –la
cd vulns/
ls -la
One can see from the image below that there are so many text files as wordlist; we can use them as required.
Here i entered URL:- Dirb https://www.google.com
Now i entered the URL of DVWA:- Dirb http://192.168.1.106/dvwa
Using the common.txt file, the DIRB returns the enumerated directories found within the target URL .