Url List required about dirsearch HOT 10 CLOSED

Hi donovan0!

I think it's a great idea! I'll be adding that feature for the 0.3 release (it might be the next one or the following).

Thanks for your request! and if you have another one open a new issue.

from dirsearch.

Hi,

Thank you verry much to take care about my request & that's a great news
about this new feature you will add !

Love your app, because compared to other like DirBuster is a ton Faster &
directly run from terminal, no GUI ;-)

I am on Mac OSX Mavericks 1.9.5 = run perfectly out of the box ;-)

Regards,

Don

2014-09-29 14:18 GMT+02:00 Mauro Soria [email protected]:

Hi donovan0!

I think it's a great idea! I'll be adding that feature for the 0.3 release
(it might be the next one or the following).

Thanks for your request! and if you have another one open a new issue.

—
Reply to this email directly or view it on GitHub
#4 (comment).

from dirsearch.

I've started dirs3arch because the lack of support of dirs3arch... So it's good news that at least for you is a good replacemente for dirbuster :)

I started to code -L feature, so I'd be really useful for me that you test the option and tell me how it works. Would you help me?

it's in branch "devel". Use the following command to download the testing version:

git clone https://github.com/maurosoria/dirs3arch -b devel

(please, test ctrl+c to see if the "skip target" works properly)

Thanks in advance!

from dirsearch.

Hi,

yes of course, i can help as well...

First of all, sorry for my poor English speaking, i'm french & English is
not my native language ( nobody is perfect lol )

Ok, i use the -L ( --url-list= ) option & launch the app, with for sure
before past the"url List inside the app folder...

Unfortunately got this error ;

MacBookPro:dir xxx$ ./dirs3arch.py --url-list=url.txt -e cgi -r
__
|. _ _ ) _ _ | v0.2.6
(||| ) __)(|| (| )

Extensions: cgi | Threads: 10 | Wordlist size: 3505
Unexpected error:
Couldn't resolve DNS

So i am not be able to load the url list as well...

I stay tuned & ok for continue the test ;-)

Best Regards,

Don

2014-09-30 0:47 GMT+02:00 Mauro Soria [email protected]:

I've started dirs3arch because the lack of support of dirs3arch... So it's
good news that at least for you is a good replacemente for dirbuster :)

I started to code -L feature, so I'd be really useful for me that you test
the option and tell me how it works. Would you help me?

it's in branch "devel". Use the following command to download the testing
version:

git clone https://github.com/maurosoria/dirs3arch -b devel

Thanks in advance!

—
Reply to this email directly or view it on GitHub
#4 (comment).

from dirsearch.

Actually, english it's not my native language neither (I'm from Argentina).

This is weird, because I've tested in a virtual machine and two other boxes and I had no problem.

Which targets did you use? You can try with acunetix test website:

http://test.acunetix.com/

from dirsearch.

HI Mauro,

Ok, it's working now....i follow your advices by testing with the Acunetix
url's & it's working great.. !

I don't no if it's the reason or not, anyway, here the fact :

My First URL list are composed by adress sorted like this ;

http://site.com
http://site2.com

I added a " / " at the end & it's working.....( i"ve got 2 crash ( app
blocked ) & i have to restarted the app, & finaly it's done until the
end...)

I just put 5 urls to test....

in this type ;

http://site.com/
http://site2.com/

Now i have to test with big list & see if it's running as well until the
end....

Maybe it will be necessary to add a stop between 2 site/url, because i
suspected or time out process ( maybe the reason of my crash/app blocked )

Another question about the report, may we have a solution to only get the
#200 hits & not the #301, #302, #500 etc... or we have to use the exclude
option as ; --exclude-status=301, etc... ?

Thanks in advance,

Regards,

Don

2014-10-01 1:54 GMT+02:00 Mauro Soria [email protected]:

Actually, english it's not my native language neither (I'm from Argentina).

This is weird, because I've tested in a virtual machine and two other
boxes and I had no problem.

Which targets did you used? You can try with acunetix test website:

http://test.acunetix.com/

—
Reply to this email directly or view it on GitHub
#4 (comment).

from dirsearch.

Hi donovan,

First, thank you for your time, your help is being very helpful to me =)

Secondly, I've pushed a new update with a few patches in order to solve the blocking problem (I've experimented the same issue as well). So please, update the version (go to folder, and execute "git pull", or just get a fresh copy with git clone .. -b devel).

About testing with a huge dictionary, it is not necessary (you've already done enough).

About the status codes, I am going add that option, thanks for the suggestion.

What do you think about adding a crawler? I am thinking about it, but no really sure what to do ... one of the main problems would be the interface, command line wouldn't be suitable.

Thanks

from dirsearch.

Hi Mauro,

You are welcome about the test....it's a pleasure.

Well done for the new update, it was quick ! that's great ! i will test it
& report to you as wel.

about status code, yes can be great to leave only the #200 & let the user
choice if he want to add any other one, but by default " Out of the Box",
it can be usefull to let displaying only the readable Dir's &
files....other are for sure usefull for sure, in the case by ex; of a #300,
401 etc.." restricted folder, like "Site.com/cgi-bin/" who are in the
majority of the cases restricted, but if another readble dir are inside the
"/cgi-bin/" like by ex; "/cgi-bin/data/db/file.php" where "data" Folder can
be reable a permission unlocked , here if we are in Status #200 for cgi-bin
only by the way we can not reach it, the only way is to selected the "-r"
option who allow us to start from each find folders, in this case the app
will test from /cgi-Bin/" start & brute force the rest....this way is
particulary usufull for finding some specific's files....

Concern, the fact to add "Crawler & eventuality a complex fuzzer...i can
say in advance = YES !!! :-)) , can we talk about in private ? in this
case, you got already my email...please reply to me on this mail & i tell
you what i think about.

Best Regards,

Don'

2014-10-02 1:25 GMT+02:00 Mauro Soria [email protected]:

Hi donovan,

First, thank you for your time, your help is being very helpful to me =)

Secondly, I've pushed a new update with a few patches in order to solve
the blocking problem (I've experimented the same issue as well). So please,
update the version (go to folder, and execute "git pull", or just get a
fresh copy with git clone .. -b devel).

About testing with a huge dictionary, it is not necessary (you've already
done enough).

About the status codes, I am going add that option, thanks for the
suggestion.

What do you think about adding a crawler? I am thinking about it, but no
really sure what to do ... one of the main problems would be the interface,
command line wouldn't be suitable.

Thanks

—
Reply to this email directly or view it on GitHub
#4 (comment).

from dirsearch.

Actually, there are two things that could be helpful to you.

First one, in /db folder there are files to blacklist some dicionary entries depending on status codes. For example, "db/403_blacklist.txt" you can add cgi-bin to that file, so when dirs3arch detects that folder with 403 code, it won't be reported (the same with other status codes).
https://github.com/maurosoria/dirs3arch/blob/master/db/403_blacklist.txt

Secondly, it's about "defaults.conf", it's a configuration file you can modify to your needs. The the default configuration is:
https://github.com/maurosoria/dirs3arch/blob/master/default.conf
You can uncomment the line "#exclude-status = 200,301" removing #, and put the status codes you want to exclude by default. For example, I use this feature to disable 500 errors that are really annoying.

About the crawling option, I'll send you an email about what I've in mind =)

Thanks for your help

from dirsearch.

Hi Mauro,

Sorry for the delay of my reply..was out...

1/ concern your advicesa about the "blacklist" file & the Configuration
file, ok, great understand...thank you.

2/ About crawling option to add, ok, i will wait your mail & will reply to
you as well about.

Regards,

Don'

2014-10-02 22:55 GMT+02:00 Mauro Soria [email protected]:

Actually, there are two things that could be helpful to you.

First one, in /db folder there are files to blacklist some dicionary
entries depending on status codes. For example, "db/403_blacklist.txt" you
can add cgi-bin to that file, so when dirs3arch detects that folder with
403 code, it won't be reported (the same with other status codes).
https://github.com/maurosoria/dirs3arch/blob/master/db/403_blacklist.txt

Secondly, it's about "defaults.conf", it's a configuration file you can
modify to your needs. The the default configuration is:
https://github.com/maurosoria/dirs3arch/blob/master/default.conf
You can uncomment the line "#exclude-status = 200,301" removing #, and put
the status codes you want to exclude by default. For example, I use this
feature to disable 500 errors that are really annoying.

About the crawling option, I'll send you an email about what I've in mind
=)

Thanks for your help

—
Reply to this email directly or view it on GitHub
#4 (comment).

from dirsearch.