shelld3v
commented
4 years ago In every wordlist, there will always be some endpoints with extensions that limited to some web apps, for example, asp and aspx will only exist in web servers that using Microsoft ASP.NET framework. So if the user knew that the server is running Linux, Ubuntu for example, they will know that ASP and ASPX files will never exist in the web, and they should not brute-force those endpoints. The fact that if the wordlist is too large, it's will be very easy for the user to get blocked by the server, and the time to can brute-force all the endpoints will be very long. So if the user can reduce extensions like .asp, .aspx (Microsoft ASP.NET framework), .jsp (Apache) or .rb, .py, .sh (if the user knows the programming language of the server), he can reduce around 1/50-1/5 the size of the wordlist. The future command will be like dirsearch.py -u https://website.com -e php,html,js,htm,json -E asp,aspx,jsp. This will be super useful for any security researcher
maurosoria
dirsearchshould add a new option called "exclude extensions". This allows the user to select the extensions that he doesn't want to brute force with. For example, while hacking on Yahoo, I found that some of Yahoo servers didn't allow access to.jspfiles. Even the file existed or not (blahthisdoesnotexist.jsp), the server will always return a 403 error. So the "exclude extensions" option will not send any request which is.jspextension, reduce spam outputs. The workflow is simple: remove all endpoints in the list that end with.jsp, then continue by brute-forcing with that endpoints list.Also, I want to develop dirsearch, can I join the dirsearch's developers team and help dirsearch grows the functionalities in directory brute-forcing? I will very careful when doing that, by testing with my fork first, then let you take a look at the update and apply if it's accepted by you.
Thank you for your attention