Closed sammbertram closed 9 years ago
maurosoria
commented
9 years ago Hi sammbertram,
Actually you're not the first person who complains about this. I'm thinking about adding an argument switch to support an alternate type of dictionary ("dirbuster like" dictionaries). What do you think?
sammbertram
commented
9 years ago Hey. That would be excellent! It caught me back in November when I couldn't get it working, but finally realised. I think the %EXT% feature would be most suited if you want to replace text within the dictionary word.
A lot of dictionaries I use are from fuzzdb, and they don't have the %EXT%, and would have to add them in manually. In addition, lets say I brute with .asp, and then realise I want to do .aspx later. If I use the %EXT% dictionaries, it will automatically brute the "/" twice as that is a default.
Hi. I had a suggestion for dirs3arch that would hopefully make it more intuitive and flexible to use.
A problem right now is that dirs3arch requires custom wordlists, due to the %EXT% being included to replace the extension. This is problematic because it increases the size of the wordlists by double, and you can't just quickly download a wordlist to use but have to determine how precisely to use the extension with %EXT%.
Might I suggest using a simple wordlist and leaving it up to the user to append the extension.. for example:
This could then append / and then .aspx to the wordlists. This also allows for the default behaviour to NOT have an extension which is nice for REST-style URLs. The potential confusion with this is the explicit inclusion of the . before the aspx. In the fork in my repo I've made some modifications for this (albeit an older version), that allow for this usage but it should be quite simple to implement.
Anyways, thanks for the tool!
Sam