- Basic Usage
- Brute-force Directories and Files
- Recursive Bruteforcing
- Custom Wordlist
- Filter Responses by Status Code
- Exclude Noisy Status Codes
- Use HTTP Headers (e.g. JWT, Cookies)
- Rate Limiting / Throttling Handling
- Proxy Support (Burp/ZAP)
- Extensions Fuzzing
- Silent / Report Mode
- Pro Tips
Tool Overviewdirsearch is a fast command-line web path scanner written in Python. It’s used to brute-force directories and files on web servers using wordlists.
Basic Usage
python3 dirsearch.py -u https://target.com -e php,html,js
-u: Target URL -e: Extensions to brute-force
Brute-force Directories and Files
python3 dirsearch.py -u https://target.com -e php,html,js,txt,zip,sql
Recursive Bruteforcing
python3 dirsearch.py -u https://target.com -e php -r
Custom Wordlist
python3 dirsearch.py -u https://target.com -w /path/to/custom-list.txt
Filter Responses by Status Code
python3 dirsearch.py -u https://target.com -e php -i 200,403
Exclude Noisy Status Codes
python3 dirsearch.py -u https://target.com -e php -x 404,500
Use HTTP Headers (e.g. JWT, Cookies)
python3 dirsearch.py -u https://target.com -H "Authorization: Bearer <token>"
Rate Limiting / Throttling Handling
python3 dirsearch.py -u https://target.com -t 5 --delay 1
Proxy Support (Burp/ZAP)
python3 dirsearch.py -u https://target.com --proxy http://127.0.0.1:8080
Extensions Fuzzing
python3 dirsearch.py -u https://target.com/index -e php,html,bak,zip
Silent / Report Mode
python3 dirsearch.py -u https://target.com -o report.txt --format simple
Pro Tips
Use with projectdiscovery/httpx for live host enumeration
Combine with ffuf, gau, or waybackurls for more dynamic discovery
Try paths from tools like GitHub dorks or JSParser