A recon tool for scanning a lot of web paths in parallel!
WARNING: do not use this tool to scan targets you aren't authorized to scan!
Clone the repo, cd into it, and run ./install.sh.
This will build the Docker image and copy the script to /usr/local/bin.
The way it works is you pass dirscour a domain or a file containing 1 domain per line.
In the former case, dirscour uses amass to enumerate subdomains and then dirsearch to scan their web paths.
In the latter case, dirscour scans web paths for the domains listed in the file.
USAGE: ./dirscour [OPTIONS] <domain/@file>
OPTIONS:
-h log usage information and exit
-c run in Docker container
-d path to dirsearch directory
-o path to output directory
-p number of daemon processes to spawn (default: 20)
-w wordlist for web path discovery (default: <dirsearch>/db/dicc.txt)
dirscour maintains a process pool for scanning web paths. When a process finishes scanning one domain, it scans the next (unscanned) domain. You can adjust the size of the process pool with the -p option.
If you don't have amass or dirsearch installed on your machine, you can still use dirscour. Just specify the -c flag and dirscour will run in a Docker container with all the necessary tooling. Note: this will build the Docker image if it doesn't exist.
If you already have the tools installed on your machine, you can run dirscour without Docker. Specify the -d option to point dirscour to the directory containing dirsearch.py. By default, dirscour uses the wordlist, <dirsearch>/db/dicc.txt, for discovering web paths; however, you can specify a different wordlist with -w.
You must tell dirscour where to write scan results by including the -o option with the path to the output directory. Web paths for each domain will be written to <output-directory>/reports/<domain>.txt.
Do it!
Whether it's cleaning up code, adding another tool, or incorporating another recon technique, all contributions are welcome!
If you have an idea to make dirscour better, open an issue and/or create a pull request!