maurosoria / dirsearch

Web path scanner

Unexpected results when scanning with or without extension words in dictionary #199

Closed RazviAlex closed 3 years ago

RazviAlex commented 4 years ago

Hi, I have created a personal dictionary. The words I put in the dictionary are:

login
nologin

The page I used ends in ..../user/login.jsp. I made two tests, and the results are:

Nothing. And like I said, to get a 200 - OK the URL must end like ..../user/login.jsp. So in that case the -e jsp parameter is not doing anything, no?

Next try: add one more word to the same dictionary: login.jsp

And try the same scan again with dirsearch. The results:

It returns 200 - OK, the correct result.

So from what I see, to find the correct directory, the word has to be put in the dictionary along with the extension .jsp. So what is -e .jsp for? It is unnecessary if the word must always be specified in the dictionary with the .jsp extension.

I appreciate any help. Thanks!

shelld3v commented 4 years ago

@RazviAlex It must be login.%EXT% and nologin.%EXT%.

shelld3v commented 4 years ago

If you don't want to add %EXT% into your wordlist, then you can add the -f flag in the command.

login
nologin

==>

login
login.jsp
login/
nologin
nologin.jsp
nologin/

shelld3v commented 4 years ago

Add the -f flag plz. Then close this issue
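
The expansion rules described in the replies above, modelled in Python as an added example (not part of the original thread and not dirsearch's own code). The function name `expand_wordlist`, the skipping of blank and `#` lines, and leaving entries that already contain a dot untouched are assumptions made for the illustration.

```python
def expand_wordlist(words, extensions, force=False):
    """Model of the behaviour discussed in this issue (hypothetical helper).

    - An entry containing %EXT% yields one path per extension.
    - A plain entry is used as-is; the extension list does not touch it.
    - With force=True (the -f flag), a plain entry yields the entry itself,
      entry.<ext> for each extension, and entry/.
    """
    # The thread shows both "-e jsp" and "-e .jsp"; normalise the leading dot.
    exts = [e.strip().lstrip(".") for e in extensions if e.strip()]
    out, seen = [], set()

    def emit(path):
        # Keep first occurrence only, preserving wordlist order.
        if path not in seen:
            seen.add(path)
            out.append(path)

    for raw in words:
        word = raw.strip()
        if not word or word.startswith("#"):  # assumption: skip blanks/comments
            continue
        if "%EXT%" in word:
            for ext in exts:
                emit(word.replace("%EXT%", ext))
        elif force and "." not in word and not word.endswith("/"):
            # assumption: entries with a dot or trailing slash are left alone
            emit(word)
            for ext in exts:
                emit(f"{word}.{ext}")
            emit(word + "/")
        else:
            emit(word)
    return out


if __name__ == "__main__":
    wordlist = ["login", "nologin"]  # the dictionary from the issue
    print("no -f      :", expand_wordlist(wordlist, ["jsp"]))
    print("with %EXT% :", expand_wordlist(["login.%EXT%", "nologin.%EXT%"], ["jsp"]))
    print("with -f    :", expand_wordlist(wordlist, ["jsp"], force=True))
```

The first call shows why the original scan found nothing: without `%EXT%` or `-f`, `login.jsp` is never requested.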