dirscan-node - Web directory scanning tool for pentesters
Web directory scanning tool, powered by node.js
This tool is useful for pentesters, to identify interesting web files and directories, that could open attack vectors to the target on the audited site.
Installation
Install node.js from: http://nodejs.org/download/chmod 755 dirscan.js
and go!
Usage :
./dirscan.js URL Wordlist Extensions
example:
./dirscan.js http://site.com/ wordlists/dirs.txt '.php,.sql'
Details
Main features:
- wordlist based scan
- recursive web scanning
- multiples extensions
- directory listing support
- full detailed output
- colored output
- follow same-origin redirects
TODO
To develop:
- autodetect extensions
- 404 identificator
- html crawl
- timming measurement
- use cluster lib to take profit of the multicore
Thanks
The wordlist is based on dirb's wordlist, with extra pentest successful words.
Disclaimer
Warning, this tool can damage the remote site performance, use with caution.
This tool is only for:
- educational purposes
- authorized pentests
- self-audits for admins
Issues
If you get a "Error: connect EMFILE" must increase the opened files limit:
- ulimit -n 9000
Source-
Screenshot -