The main goal of this document is to describe how Dirb can be installed, configured and used in an OSX environment. This tool must only be used in SecDevLabs apps and on systems for which you have proper authorization.
All you need to do is follow the commands below, and Dirb will be installed in no time!
First, we need to download the installer from SourceForge:
curl -L https://sourceforge.net/projects/dirb/files/dirb/2.22/dirb222.tar.gz/download -o dirb222.tar.gz
Now we need to extract the files from the tar archive, which can be done with the command:
tar xvzf dirb222.tar.gz
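In order to properly install Dirb, the installer needs to have write and read permissions, which are granted recursively through the commands below. Note that mode 766 also gives write access to group and other users, which the build itself does not need.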
chmod 766 dirb222
cd dirb222
find . -type d -exec chmod 766 {} \;
Now, to make the configure script executable, we need to grant it execution permission:
chmod +x configure
./configure
Before compiling the code itself, we strongly advise developers to read the source code first! 🔍
Now that you gave it a look, to compile the code, simply run:
make && make install
For this course, we are providing you with a wordlist of common URL directories from SecLists, which can be found here, to be used with Dirb. Feel free to use your own though 😉!
To use Dirb, we need a URL and a wordlist. The tool tries to access every URL directory present in the wordlist to see which ones are available. It does this by looking at the response status code, which we can confirm in Figure 1, where only the pages that returned a status code of 200 (OK) are shown.
An example of how to use it would be as follows:
dirb http://localhost:5000 ./docs/common.txt
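The status-code check described above can be seen end to end in the following added example, which is not part of the original document or of Dirb's code. It assumes a constructed stand-in app (`LAB_ROUTES`) served on a free loopback port and a constructed five-entry wordlist; the function names are hypothetical.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed stand-in for a lab app: path -> status code it answers with.
LAB_ROUTES = {"/": 200, "/admin": 200, "/login": 200, "/backup": 403}
# Constructed wordlist, one directory name per line (blank lines are skipped).
WORDLIST = "admin\nbackup\nimages\nlogin\n\nsecret\n"


class LabHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Unknown paths fall through to 404, as on a typical web app.
        self.send_response(LAB_ROUTES.get(self.path, 404))
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def probe(base_url, wordlist_text):
    """Request base_url/<word> for every entry and return {path: status}."""
    target = urlsplit(base_url)
    results = {}
    for word in (line.strip() for line in wordlist_text.splitlines()):
        if not word:
            continue
        conn = http.client.HTTPConnection(target.hostname, target.port, timeout=5)
        try:
            conn.request("GET", "/" + word)
            results["/" + word] = conn.getresponse().status
        finally:
            conn.close()
    return results


def available(results):
    """Keep only the paths that answered 200 (OK), as in Figure 1."""
    return [path for path, status in results.items() if status == 200]


def run_demo():
    """Start the stand-in app on a free loopback port, probe it, stop it."""
    server = HTTPServer(("127.0.0.1", 0), LabHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe(f"http://127.0.0.1:{server.server_port}", WORDLIST)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(available(run_demo()))
```

The full result also holds the 403 for `/backup`, a path that exists but does not pass the 200-only filter.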