Home Free Hacking Tools Dirhunt – Search and Analyze Target Domain Directories

Dirhunt – Search and Analyze Target Domain Directories

by Unallocated Author

Dirhunt is a python tool that can quickly search directories on target domains to find interesting directories and file locations. The URL’s can further be analyzed through offensive security tools. Dirhunt has multiple scanning features. Web developers may create an empty index files to hide certain files/data. Dirhunt can detect those blank index files.  It can also distinguish between real and fake 404 error codes on the target domain.

Other features include extracting  interesting URLs from the ‘index of’ pages, finding all the redirectors on a target domain, and processing multiple target domains simultaneously. Dirhunt supports proxies to stay anonymous and flags to filter the scan results. All the supported flags can be found using the –help command while running the tool.

Dirhunt Installation

Dirhunt can be installed by running the setup.py file from Dirhunt directory. First clone Dirhunt from Github using the following path.

git clone git://github.com/Nekmo/dirhun

Dirhunt cloning

After cloning Dirhunt, move to the Dirhunt directory and run the installation file using the following commands.

cd dirhunt
python setup.py install

Dirhunt setup installation

Dirhunt can also be installed using the Pip command.

sudo pip3 install dirhunt

Running Dirhunt

The following command runs Dirhunt on the target domain and finds the directories and urls that can be helpful in further analyzing the security of the domain.

dirhunt <target url>

For instance, by running Dirhunt on the following test domain, we see many interesting urls that can further be used in security analysis of the target host.

dirhunt http://testphp.vulnweb.com/

The results show that Dirhunt has found some interesting php files that can further be analyzed for penetration tests.

Dirhunt target scan1

For instance, by further analyzing the /categories.php path, we find urls that are vulnerable to cyber-attacks. For example, /categories.php shows a url (http://testphp.vulnweb.com/listproducts.php?cat=4) that seems vulnerable to SQL injections. We can test the security of this url by running SQL injection tool (sqlmap) as shown below.

python sqlmap.py –u http://testphp.vulnweb.com/listproducts.php?cat=4

While performing the sql injection tests on the url, it has been found that the domain is vulnerable to SQL injection and XSS attacks.

sqlmap results

What Bunny rating does it get?

Dirhunt is a fast directories scanning tool that can enumerate interesting urls from target domains without brute-forcing the target server. However, the ‘index of’ mode must be enabled on the target server to extract some more interesting files.. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

You may also like