Footprinting and Reconnaissance with DIRB Tool (For Security Researcher and Bug Bounty Hunters)

Reconnaissance play very important role in any security auditing or bug bounty program. In this article we will see how DIRB can be used for Reconnaissance and Footprinng.

“If I had six hours to chop down a tree, I’d spend the first four sharpening the axe” – Abraham Lincoln

Introduction to DIRB

Dirb is a tool used to identify hidden directry or content of a website. It is build in with Kali linux

It is developed by The Dark Raver.

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. DIRB comes with a set of pre-configured attack word-lists for easy usage but you can use your custom word-lists. Also DIRB sometimes can be used as a classic CGI scanner, but remember is a content scanner not a vulnerability scanner

Why to use DIRB and what is its purpose

DIRB main purpose is to help in professional web application auditing. Specially in security related testing and bug bounty. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects based on your disctionary(custom or build-in)that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.

How to use DIRB

Step 1: Open a Terminal

Start you Kali linux VM box and open terminal

Step 2: Open Dirb Tool in Terminal

Once terminal is open go ahead and type Dirb command. Dirb starts and below screen will be shown along with help

As shown in above screenshot , DIRB’s syntax is very simple with multiple options. In its simplest form, we only require to type the command “dirb” followed by the “URL” of the website we are testing.

kali > dirb URL

How to Use DIRB for a Simple Hidden Object Scan(Discover hidden password)

It’s simplest form, DIRB will scan the website looking for 4,612 object types. Let’s try it on our favorite test site from OWASP Broken Web Apps VM,192.168.83.128/mutillidae

Open terminal and type



DIRB begins the scan looking for default dictionary keywords in the website objects.

Details result will be shown once its completed.

Once scanning is completed carefully observed the searched URL and try to access the hidden details . In below screenshot we are got one URL with password words key words. Try to visit in browser and does it shows any information or not.

Hidden passwords directory is identified in DIRB Scan

Open link in browser by right click -> open link

Open accounts.txt text file.

Found hidden password

It shows all customer credentials. There are other features of DIRB you can go through help for more details.

Leave a Reply