DirDar is a tool that searches for 403 Forbidden directories, attempts to bypass the restriction, and retrieves a directory listing from them.


DirDar v1.0

Description

🏴‍☠️ Bypass forbidden directories, and find and identify directory listings. You can also use it as a directory brute-forcer.

Compatibility

This tool is compatible with all kinds of operating systems, as long as you have the Go compiler installed.

Install

You can use this command if you have Go installed and configured.

    go get -u github.com/m4dm0e/dirdar

Or you can download a release. To make it easier to execute, you can add the directory containing the binary to your %PATH% environment variable.




Help & Flags

  -threads int
    	Number of threads (Defaulf 40)
  -err
    	If you want to show errors!(Includes 404 errors) [True-False]
  -only-ok
    	Print out only OK (Bypassed and dir listing) 
  -single string
    	Only scan single target e.g (-single https://example.com/)
  -t int
    	Set the timeout of the requests (default 10000)
  -wl string
    	Forbidden directories WordList


Bugs found by DirDar: (Will share the write up ASAP)

  • BackUp files at MTN Group (Triaged)
  • OLD php scripts to SQLi at MTN Group (Triaged)
  • OLD Files to information disclosure at BOSCH (Triaged)



Comments
  • panic: Your platform is unsupported! I can't clear terminal screen :(

    panic: Your platform is unsupported! I can't clear terminal screen :(

    ➜ dirdar cat ip.txt | ./dirdar -err
    panic: Your platform is unsupported! I can't clear terminal screen :(

    goroutine 1 [running]:
    main.scre3n(...)
        /home/ali/t00ls/DirDar/main.go:71
    main.bann3r()
        /home/ali/t00ls/DirDar/main.go:307 +0x242
    main.main()
        /home/ali/t00ls/DirDar/main.go:330 +0x34

    opened by N0o01 0
Owner
Mohammed Al-Barbari
I try to build the tools that make ur life easier