Scroll Top

Dirb – Offensive Penetration Testing Tool

3 (Demo)


DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response. DIRB main purpose is to help in professional web application auditing. It works by launching a dictionary based attack against a web server and analysing the responses.

The tool “Dirb” is in-built in Kali Linux, therefore, Open the terminal and type following command to start brute force directory attack.

The main purpose is to help in professional web application auditing. Especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.

Using Dirb:

Step 1 — Open Terminal

Step 2 — Start Dirb

Once we have a terminal open, go ahead and type dirb to get the help screen.

Kali:-  dirb

Testing for Special Vulnerable list

We can use DIRB to test for specific vulnerable objects within specific types of web technologies. Each web technology has different vulnerabilities. They are NOT all the same. DIRB can help us look for specific vulnerable objects specific to the particular technology.

In terminal:

cd /usr/share/wordlists/dirb

ls –la

cd  vulns/

ls -la

One can see from the image below that there are so many text files as wordlist; we can use them as required.

Here i entered URL:-  Dirb

Now i entered the URL of DVWA:- Dirb

Using the common.txt file, the DIRB returns the enumerated directories found within the target URL .


Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.