Project Roadmap

[Isona]

A list of features that would be nice to add, listed in no particular order:

Input

• [ ] Load base request from a file
• [ ] Load headers from a file
• [ ] Remove empty lines from a wordlist when it's read in, but always scan [url]/
• [x] Support for multiple wordlists
• [ ] Load command line options from a config file
• [x] Better detection of where the default wordlist is located
• [ ] Option to pause and resume scans later

Error Checking

• [ ] Check before scanning if a certificate is invalid
• [ ] Optionally output certificate details
• [ ] Better errors when curl returns an error, this is currently represented as a code 0
• [ ] Detection and handling of URL rewriting
• [ ] Wait after receiving a 429 - Too Many Requests
• [x] Detect when all responses are 401 - Unauthorized or 403 - Forbidden

Output

• [ ] Better header on report
• [ ] Separate report sections for different hosts
• [x] JSON output format
• [x] XML output format
• [x] Option to store all output formats
• [ ] Filter output based on regex
• [x] Filter on response length
• [ ] Option to output all "found" content to a folder
• [ ] Option to display when a cookie is set by the server
• [x] Output colouring based on response code
• [ ] Security header audit
• [ ] Option to output Page Title
• [ ] Filtering on MIME type
• [ ] Option to report MIME type

Scraping

• [ ] Scrape pages for in scope URLs to scan
• [ ] Printing of interesting comments, things such as todo, urls, high entropy sections such as hashes
• [ ] Scrape robots.txt for URLs to scan

Scanning

• [ ] Detect if a server is case sensitive
• [ ] Detect if a server replies sensibly to HEAD requests and if it does, use those to save bandwidth (would potentially interfere with scraping however)
• [x] Support for different HTTP verbs
• [ ] Option to change string used to detect if a directory is listable
• [x] Set which status codes to ignore/output
• [ ] Interactive recursion
• [ ] Option to not scan without an extension
• [ ] Set subdirectories to exclude in the scan
• [ ] Options to set predefined user agents
• [ ] Option to use random user agents
• [ ] Better 30x handling
• [x] Wordlist prefixes
• [ ] Vhost bruteforcing
• [x] Not found tuning
• [x] Max recursion depth setting
• [ ] Get OPTIONS for each folder scanned
• [ ] Option to take a screenshot of each page found, similar to Eyewitness
• [ ] Check if a 401 page is requesting basic auth

Releasing

• [x] Mac build
• [ ] Debian dpkg
• [ ] Arch pkgbuild
• [ ] Ubuntu snap
• [ ] Ubuntu PPA
• [ ] Centos/Fedora RPM
• [ ] Gentoo ebuild
• [ ] Windows installer (self-updating?)
• [ ] Mac Homebrew release
• [ ] Release on crates.io
• [ ] Generate man page with clap
• [ ] Generate auto-completion script with clap

Actions

• [x] Run tests on Windows, Mac, Linux
• [ ] Cross-compile for ARM
• [ ] Build releases
• [ ] Build dpkg & RPM

[lean0x2F]

Hi! I don't want to open a new issue for this so I'm commenting here. First of all, great tool, I've been using it for a few days and works like a charm.

I would like to suggest a feature from "dirb" from Ramon. He implemented some kind of heuristic to infer "negative status codes", that is, a response that represents a 404 not found. That could be anything (a 200 response with a custom not found error, a 500 response with fixed size, a 302 that always redirects to the same site, etc).

He implemented it here: https://github.com/v0re/dirb/blob/master/src/calculanec.c

Is it possible to add this to the roadmap?

Thank you!!

Leandro

EDIT: I just saw the readme file that mentions that "Tune 404 based on size/redirection" is not supported.

[Isona]

Hi, I'm glad you like Dirble, and I was planning on adding this feature but seem to have forgotten to put it on the road map - I've added it now, under Scanning.

It's planned as part of a larger overhaul to the thread system in the threading overhaul branch right now (currently only has some changes to the way output is handled, but more will be happening). My idea is to have a thread specifically handling target validation, including a similar heuristic to Dirb, this would allow for a few related features which shouldn't bog down other threads.

Hopefully I'll get this out in the next few weeks!

[BBerastegui]

I was about to open a feature request on the 200 error detection, at least something "basic" such as: If /AAAAA and /BBBBB return HTTP 200 and the same size, consider that combination of HTTP code and size a "not found".

And also, as said above, it's an awesome tool. There are lots of directory enumeration tools, but this one is pretty awesome (in my case, mostly for the false positive reduction in most cases).

[BBerastegui]

And also, now that we are here, I'll leave my opinion about one of the features that you mentioned above, the screenshots.

There are multiple tools that we can use for that and that work pretty well (gowitness, Eyewitness). We could concatenate the output of Dirble to those tools and I think it's better to improve Dirble on its own functionalities than adding things that I don't think are the strong arm of the tool (also for the sake of simplicity and the concept of having one tool that does its job the best).

My two cents.