maurosoria / dirsearch

Web path scanner

Low requests per sec #1316

Closed 677230756E64 closed 9 months ago

677230756E64 commented 11 months ago

What is the current behavior?

The tool hangs around 160 requests per second even though the CPU is loaded to only 40% when the tool is working.

What is the expected behavior?

Even with an explicitly specified high number of threads and a high max requests per second, the actual speed doesn't change.

Any additional information?

Kali VM in VirtualBox

677230756E64 commented 11 months ago

I just read that the default Apache server configuration supports exactly 160 requests per second, and I'm scanning an Apache web server. But how are other tools like dirbuster able to do like a thousand requests per second?

Prady18 commented 11 months ago

@677230756E64 Other tools like Dirbuster (or Dirsearch, which you mentioned earlier) might be able to send more requests per second due to several reasons:

1. Concurrency: These tools are specifically designed for directory and file brute-forcing, allowing them to send multiple requests in parallel or with high concurrency. They might use asynchronous or multithreaded techniques to optimize the rate of requests.

2. Optimized for Scanning: Tools like Dirbuster are focused on scanning directories and files and are optimized for speed in this specific task. They might make optimizations like reusing connections, minimizing overhead, and making the most efficient use of available resources.

3. Simplicity of Requests: The requests made by directory brute-forcing tools are generally simple and lightweight compared to full web pages. They often fetch small resources, making it easier to send a high volume of requests without overwhelming the server.

4. Targeted Scanning: These tools are often used for targeted scanning on specific directories or paths, which can reduce the complexity of the server's response handling.

5. Different Performance Metrics: When comparing the performance of different tools, consider not only the request rate but also factors like accuracy, robustness, and the types of vulnerabilities they can detect.

It's important to note that sending a large number of requests to a server in a short period of time could potentially trigger rate limiting or security mechanisms, especially if done without proper authorization. Always make sure you have the necessary permissions and follow ethical guidelines when conducting security testing or scanning. 😈

677230756E64 commented 11 months ago

@677230756E64 Other tools like Dirbuster (or Dirsearch, which you mentioned earlier) might be able to send more requests per second due to several reasons

Thanks for the detailed reply. Is dirsearch not optimized for scanning? I thought that was its primary goal. If not, are there plans for future updates focused on increasing the productivity of the tool?