Introduction to Content and Vulnerability Scanner
Before learning about the Dirb CyberSecurity tool, we must know some details about the content scanner and vulnerability scanner. So let’s see what a content scanner and a vulnerability scanner are.
A) Content Scanner
A content scanner is a security program or application that scans and analyzes files, documents, and other types of content for harmful or suspicious behavior. It is intended to spot potential security risks like malware, viruses, trojans, phishing scams, and other online attacks.
For example, a tool that checks whether a robots.txt file is present on a website.
Content scanners work by examining the contents of files or documents, looking for patterns and signatures of known security threats. They use a variety of techniques, such as signature-based scanning, behavior-based analysis, and machine learning algorithms, to detect and block malicious content.
Content scanners can be deployed in a variety of contexts, including on email servers, web servers, file servers, and endpoint devices such as desktops, laptops, and mobile devices. They are often used as a part of a broader security strategy, in conjunction with other security tools and practices, such as firewalls, intrusion detection systems, and security awareness training.
Some Examples of Content Scanners:
- Antivirus software: Antivirus software is a type of content scanner that is designed to detect, prevent, and remove malware from computer systems. It uses signature-based scanning and heuristics to identify known threats, and behavior-based analysis to detect new or unknown threats.
- Email filters: Email filters are content scanners that are used to scan inbound and outbound emails for spam, malware, phishing attacks, and other types of threats. They use a combination of signature-based scanning, content analysis, and reputation analysis to detect and block malicious content.
Other Examples are Web Filters, File Scanning Tools, and Content Delivery Networks (CDN).
B) Vulnerability Scanner
A vulnerability scanner is a tool used in cyber security to identify security weaknesses or vulnerabilities in a system or network. It is an automated tool that scans the system for potential vulnerabilities, analyzes the results, and provides a report of the findings.
In order to check the target system or network for potential weaknesses, vulnerability scanners often operate by using a database of known vulnerabilities and attack techniques. They have the ability to scan a wide variety of systems, including servers, routers, switches, and other network devices as well as online applications. To find any vulnerabilities, the scanner will run a number of tests, including port scanning, service identification, and vulnerability checks.
Some examples of Vulnerability Scanners:
- OpenVAS: OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner that can be used to scan both local and remote hosts for security issues. It includes a web-based interface for managing and analyzing scan results.
- Rapid7: Rapid7 provides several vulnerability scanning tools, including Nexpose and InsightVM. These tools can be used to scan both on-premises and cloud-based systems and provide detailed reports on the vulnerabilities that they find.
Other Examples are Nessus, Qualys, Nikto, and Acunetix.
Introduction to Dirb
Dirb is a commonly used open-source web application scanner used in cybersecurity. It is designed to search for hidden directories and files on a web server, which can be useful in identifying potential vulnerabilities or security issues. Dirb is a content scanner.
Dirb works by sending HTTP requests to a target website and analyzing the responses it receives. The tool can be configured to use a wordlist or dictionary of potential directories and file names to search for. By comparing the server response to the request, Dirb can determine whether a given directory or file exists on the server, which can be useful in identifying potential vulnerabilities or misconfiguration.
It’s important to note that while Dirb can be a useful tool in identifying potential security issues, it should be used ethically and with the permission of the website owner. Using Dirb or any other tool to scan or attack a website without permission is illegal and can result in serious legal consequences.
How Dirb Works
Dirb has an internal wordlist file that, by default, contains about 4000 words for brute-force attacks. Updated wordlists are widely available online and can also be used. Dirb requests every word in its wordlist as a file or directory on the website or server. A hit could be a subdirectory or admin panel that is open to attack. Finding these objects is important because they are typically hidden.
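Because every word in the list becomes one HTTP request and most words do not exist on the server (the scan later on this page reports DOWNLOADED: 9224 - FOUND: 9), this behavior is easy to spot in web server access logs. The following is an added example, not part of the original tutorial or of Dirb: it flags clients that request many distinct paths with mostly 404 responses inside a short window. The log lines, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined access-log prefix: client, timestamp, request path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
    return m[1], (ts, m[3], int(m[4]))

def detect_enumeration(lines, window=timedelta(seconds=60),
                       min_paths=20, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths, mostly 404, within `window`."""
    per_client = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_client[rec[0]].append(rec[1])
    flagged = {}
    for ip, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            chunk = events[start:end + 1]
            paths = {path for _, path, _ in chunk}
            miss_ratio = sum(code == 404 for _, _, code in chunk) / len(chunk)
            if len(paths) >= min_paths and miss_ratio >= min_miss_ratio:
                flagged[ip] = {"paths": len(paths), "miss_ratio": round(miss_ratio, 2)}
                break
    return flagged

def sample_log():
    """Constructed log: one wordlist-driven client and one ordinary browser."""
    fmt = '{} - - [27/Feb/2023:08:{}:{:02d} +0000] "GET {} HTTP/1.1" {} 512 "-" "-"'
    hits = {"about", "config"}  # the only words that exist on the server
    words = [f"word{i}" for i in range(28)] + sorted(hits)
    lines = [fmt.format("192.0.2.10", 14, i, f"/owaspbricks/{w}", 200 if w in hits else 404)
             for i, w in enumerate(words)]
    pages = ["/", "/owaspbricks/", "/owaspbricks/about", "/missing"]
    lines += [fmt.format("198.51.100.7", 15, i, p, 404 if p == "/missing" else 200)
              for i, p in enumerate(pages)]
    return lines

if __name__ == "__main__":
    print(detect_enumeration(sample_log()))
```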
Advantages of Dirb
Dirb (Directory Buster) is a web application scanning tool that is designed to help identify the directories and files that are present on a web server. Some advantages of using Dirb include:
A) Automated Scanning
Dirb can be used to automatically search a web server for files and directories. Compared to manually searching through directories, this saves time and effort.
B) Fast and Efficient
Dirb is designed to be fast and efficient, making it possible to scan large web servers in a short amount of time.
C) Customizable
Dirb allows users to customize the scanning process by specifying the directory and file extensions to be scanned. This enables users to focus on specific areas of a web server.
D) Provides detailed results
Dirb provides detailed results that can help users identify potential security vulnerabilities or misconfigurations in a web application.
E) Open-source
Dirb is an open-source tool, which means that it is freely available for anyone to use and modify. This makes it a popular choice among developers and security researchers.
Disadvantages of Dirb
DIRB (Directory Brute-Forcer) is a popular tool for performing a directory brute-force attack. While it has its advantages, it also has several disadvantages, including:
A) Slow
DIRB can be very slow, especially when scanning large web applications. The time it takes to scan an entire website can be hours, if not days.
B) Limited Functionality
DIRB is designed only to brute-force directories and files. It does not offer advanced features such as authentication cracking, session hijacking, or fuzzing.
C) Limited Wordlist
DIRB uses a limited wordlist, which means that it may not be able to identify all directories and files on a web application. This can lead to false negatives and missed vulnerabilities.
D) No automatic updates
DIRB is no longer actively maintained, which means that there are no automatic updates or bug fixes.
Installation of Dirb
Download Dirb via GitHub: SeiFreed Dirb
Download Dirb via SourceForge: Dirb Tool
Note: I used Kali Linux, and Kali already has Dirb installed.
Let’s start with the Dirb Web Scanner Tool
Before starting the Dirb tutorial, please install the OWASP Framework. We are performing our task with the OWASP Framework.
So, let’s get started. My OWASP Framework is running on the 192.168.0.106 IP address.
Now, I am running the Dirb command in the Kali Linux Terminal. So let’s get started with Dirb WebScanner Tool.
A) Check whether Dirb is installed on your machine
┌──(kali㉿kali)-[~]
└─$ dirb --version
-----------------
DIRB v2.22
By The Dark Raver
-----------------
B) Scanning the “OwaspBricks” website
┌──(kali㉿kali)-[~]
└─$ dirb https://192.168.0.106/owaspbricks
START_TIME: Mon Feb 27 08:14:07 2023
URL_BASE: https://192.168.0.106/owaspbricks/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: https://192.168.0.106/owaspbricks/ ----
+ https://192.168.0.106/owaspbricks/about (CODE:200|SIZE:5435)
==> DIRECTORY: https://192.168.0.106/owaspbricks/config/
+ https://192.168.0.106/owaspbricks/favicon.ico (CODE:200|SIZE:318)
==> DIRECTORY: https://192.168.0.106/owaspbricks/images/
==> DIRECTORY: https://192.168.0.106/owaspbricks/includes/
+ https://192.168.0.106/owaspbricks/index (CODE:200|SIZE:5836)
+ https://192.168.0.106/owaspbricks/index.php (CODE:200|SIZE:5836)
==> DIRECTORY: https://192.168.0.106/owaspbricks/javascripts/
+ https://192.168.0.106/owaspbricks/readme (CODE:200|SIZE:1167)
==> DIRECTORY: https://192.168.0.106/owaspbricks/stylesheets/
---- Entering directory: https://192.168.0.106/owaspbricks/config/ ----
+ https://192.168.0.106/owaspbricks/config/config (CODE:200|SIZE:35)
+ https://192.168.0.106/owaspbricks/config/index (CODE:200|SIZE:2945)
+ https://192.168.0.106/owaspbricks/config/index.php (CODE:200|SIZE:2945)
+ https://192.168.0.106/owaspbricks/config/setup (CODE:302|SIZE:2882)
-----------------
END_TIME: Mon Feb 27 08:18:23 2023
DOWNLOADED: 9224 - FOUND: 9
The above output uses two markers:
==>: marks a directory that Dirb found during the scan.
E.g.: ==> DIRECTORY: https://192.168.0.106/owaspbricks/images/
+: marks a file that Dirb found during the scan.
E.g.: + https://192.168.0.106/owaspbricks/config/config
C) Save the output in the File
┌──(kali㉿kali)-[~]
└─$ dirb https://192.168.0.106/owaspbricks -o dirb_output.txt
The above command scans the given URL and saves the output in the given .txt file.
-o: Save the output.
You can check whether the output of the Dirb command is stored in the file or not by using the cat command.
cat file_name
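Once the results are in a file, they can be turned into structured findings for triage. The following is an added example, not part of the original tutorial or of Dirb: it parses the `+` and `==> DIRECTORY:` lines shown above and queues paths such as config or setup for manual review. It assumes the saved file uses the same line format as the terminal output on this page; the keyword list, the function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlparse

FILE_RE = re.compile(r"^\+ (\S+) \(CODE:(\d{3})\|SIZE:(\d+)\)\s*$")
DIR_RE = re.compile(r"^==> DIRECTORY: (\S+)\s*$")
TOTAL_RE = re.compile(r"^DOWNLOADED: (\d+) - FOUND: (\d+)\s*$")

# Hypothetical keywords for paths worth a manual look; tune per application.
REVIEW_HINTS = ("config", "setup", "readme", "backup", "admin")

def parse_dirb(text):
    """Return (findings, summary) parsed from Dirb's text output."""
    findings, summary = [], None
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            findings.append({"kind": "file", "url": m[1],
                             "code": int(m[2]), "size": int(m[3])})
        elif m := DIR_RE.match(line):
            findings.append({"kind": "dir", "url": m[1], "code": None, "size": None})
        elif m := TOTAL_RE.match(line):
            summary = {"requests": int(m[1]), "found": int(m[2])}
    return findings, summary

def review_queue(findings):
    """URLs whose path contains a review keyword, files before directories."""
    picked = [f for f in findings
              if any(h in urlparse(f["url"]).path.lower() for h in REVIEW_HINTS)]
    return [f["url"] for f in sorted(picked, key=lambda f: (f["kind"] != "file", f["url"]))]

def is_complete(findings, summary):
    """True when the '+' entries match the FOUND total, as in the outputs on this page."""
    files = sum(f["kind"] == "file" for f in findings)
    return summary is not None and files == summary["found"]

# Constructed sample in the line format shown in the scan output above.
SAMPLE = """\
---- Scanning URL: https://192.168.0.106/owaspbricks/ ----
+ https://192.168.0.106/owaspbricks/about (CODE:200|SIZE:5435)
==> DIRECTORY: https://192.168.0.106/owaspbricks/config/
+ https://192.168.0.106/owaspbricks/readme (CODE:200|SIZE:1167)
---- Entering directory: https://192.168.0.106/owaspbricks/config/ ----
+ https://192.168.0.106/owaspbricks/config/config (CODE:200|SIZE:35)
+ https://192.168.0.106/owaspbricks/config/setup (CODE:302|SIZE:2882)
DOWNLOADED: 9224 - FOUND: 4
"""

if __name__ == "__main__":
    findings, summary = parse_dirb(SAMPLE)
    print(review_queue(findings), is_complete(findings, summary))
```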
D) Change the WordList File
The words in DIRB’s wordlist are used to look for existing (or hidden) web objects. DIRB runs a dictionary-based attack against a web server and then examines the responses. In addition to the preconfigured attack wordlists that come with DIRB, you can use custom wordlists.
Within a target URL, wordlists can be used to locate folders and files with a particular extension. By default, the wordlist file is common.txt.
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
┌──(kali㉿kali)-[~]
└─$ dirb https://192.168.0.106/owaspbricks
START_TIME: Mon Feb 27 08:14:07 2023
URL_BASE: https://192.168.0.106/owaspbricks/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
Now, let us see which wordlist files are present in the Dirb Web Scanner Tool.
┌──(kali㉿kali)-[~]
└─$ cd /usr/share/dirb/wordlists
┌──(kali㉿kali)-[/usr/share/dirb/wordlists]
└─$ ls
big.txt common.txt extensions_common.txt mutations_common.txt
small.txt stress catala.txt euskera.txt indexes.txt
others spanish.txt vulns
So, in the above output, you can clearly see the common.txt file.
In the vulns folder, we can see the main target files for software that is used on most websites, like apache.txt, tomcat.txt, etc.
If you want to change the wordlist file, just add the filename to the dirb command.
┌──(kali㉿kali)-[/usr/share/dirb/wordlists]
└─$ cd vulns
┌──(kali㉿kali)-[/usr/share/dirb/wordlists/vulns]
└─$ dirb https://192.168.0.106/owaspbricks tomcat.txt
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Mon Feb 27 09:04:07 2023
URL_BASE: https://192.168.0.106/owaspbricks/
WORDLIST_FILES: tomcat.txt
-----------------
GENERATED WORDS: 87
---- Scanning URL: https://192.168.0.106/owaspbricks/ ----
-----------------
END_TIME: Mon Feb 27 09:04:09 2023
DOWNLOADED: 87 - FOUND: 0
In the above output, you can see WORDLIST_FILES: tomcat.txt, which means that Dirb is now using the tomcat.txt wordlist.
In the last line of the output, DOWNLOADED: 87 - FOUND: 0 means that Dirb made 87 requests, one for each of the 87 words generated from tomcat.txt, and none of them was found on the target.
E) Scan the specific extension file
Suppose you want to scan only for files with the .php extension on your targeted website.
┌──(kali㉿kali)-[/usr/share/dirb/wordlists/vulns]
└─$ dirb https://192.168.0.106/owaspbricks -X .php
To scan for multiple file extensions at the same time on your targeted website, separate them with commas (,).
┌──(kali㉿kali)-[/usr/share/dirb/wordlists/vulns]
└─$ dirb https://192.168.0.106/owaspbricks -X .php,.js,.asp
F) Scan the file which has a specific word in it
┌──(kali㉿kali)-[/usr/share/dirb/wordlists/vulns]
└─$ dirb https://192.168.0.106/owaspbricks -H .js
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Mon Feb 27 09:19:58 2023
URL_BASE: https://192.168.0.106/owaspbricks/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
ADDED_HEADERS:
--
.js
--
-----------------
GENERATED WORDS: 4612
---- Scanning URL: https://192.168.0.106/owaspbricks/ ----
+ https://192.168.0.106/owaspbricks/about (CODE:200|SIZE:5435)
==> DIRECTORY: https://192.168.0.106/owaspbricks/config/
+ https://192.168.0.106/owaspbricks/favicon.ico (CODE:200|SIZE:318)
==> DIRECTORY: https://192.168.0.106/owaspbricks/images/
==> DIRECTORY: https://192.168.0.106/owaspbricks/includes/
+ https://192.168.0.106/owaspbricks/index (CODE:200|SIZE:5836)
+ https://192.168.0.106/owaspbricks/index.php (CODE:200|SIZE:5836)
==> DIRECTORY: https://192.168.0.106/owaspbricks/javascripts/
+ https://192.168.0.106/owaspbricks/readme (CODE:200|SIZE:1167)
==> DIRECTORY: https://192.168.0.106/owaspbricks/stylesheets/
---- Entering directory: https://192.168.0.106/owaspbricks/config/ ----
+ https://192.168.0.106/owaspbricks/config/config (CODE:200|SIZE:35)
+ https://192.168.0.106/owaspbricks/config/index (CODE:200|SIZE:2945)
+ https://192.168.0.106/owaspbricks/config/index.php (CODE:200|SIZE:2945)
+ https://192.168.0.106/owaspbricks/config/setup (CODE:302|SIZE:2882)
-----------------
END_TIME: Mon Feb 27 09:25:42 2023
DOWNLOADED: 9224 - FOUND: 9
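From the above output, we can see that it scans for the word .js and the main files related to it. Note that the output lists .js under ADDED_HEADERS, and the objects found are the same nine as in the default scan in section B.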
G) Scanning the specific Status Code
┌──(kali㉿kali)-[/usr/share/dirb/wordlists/vulns]
└─$ dirb https://192.168.0.106/owaspbricks -N 302,404
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Mon Feb 27 09:34:53 2023
URL_BASE: https://192.168.0.106/owaspbricks/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
OPTION: Ignoring NOT_FOUND code -> 302
-----------------
GENERATED WORDS: 4612
---- Scanning URL: https://192.168.0.106/owaspbricks/ ----
+ https://192.168.0.106/owaspbricks/about (CODE:200|SIZE:5435)
==> DIRECTORY: https://192.168.0.106/owaspbricks/config/
+ https://192.168.0.106/owaspbricks/favicon.ico (CODE:200|SIZE:318)
==> DIRECTORY: https://192.168.0.106/owaspbricks/images/
==> DIRECTORY: https://192.168.0.106/owaspbricks/includes/
+ https://192.168.0.106/owaspbricks/index (CODE:200|SIZE:5836)
+ https://192.168.0.106/owaspbricks/index.php (CODE:200|SIZE:5836)
==> DIRECTORY: https://192.168.0.106/owaspbricks/javascripts/
+ https://192.168.0.106/owaspbricks/readme (CODE:200|SIZE:1167)
==> DIRECTORY: https://192.168.0.106/owaspbricks/stylesheets/
---- Entering directory: https://192.168.0.106/owaspbricks/config/ ----
+ https://192.168.0.106/owaspbricks/config/config (CODE:200|SIZE:35)
+ https://192.168.0.106/owaspbricks/config/index (CODE:200|SIZE:2945)
+ https://192.168.0.106/owaspbricks/config/index.php (CODE:200|SIZE:2945)
-----------------
END_TIME: Mon Feb 27 09:40:27 2023
DOWNLOADED: 9224 - FOUND: 8
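From the above output, you can see that only results with status code 200 are listed: the 302 response for config/setup from the earlier scans is no longer reported, and FOUND drops from 9 to 8. The OPTION line in the output shows only 302 as the ignored code.
-N: Ignore responses with the given status code.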