Top Related Projects
Fast web fuzzer written in Go
Directory/File, DNS and VHost busting tool written in Go
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Find domains and subdomains related to a given domain
Fast and customizable vulnerability scanner based on simple YAML based DSL.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Quick Overview
dirsearch is a powerful web path scanner designed to brute force directories and files in websites. It's an advanced command-line tool written in Python that helps security researchers and penetration testers discover hidden content and potential vulnerabilities in web applications.
Pros
- Highly customizable with numerous options for fine-tuning scans
- Supports multiple wordlists and has a large default wordlist
- Can handle multiple targets simultaneously
- Includes features like recursive scanning, custom headers, and proxy support
Cons
- Can be resource-intensive for large scans or multiple targets
- Might trigger security alarms or be blocked by web application firewalls
- Requires careful use to avoid unintended impact on target systems
- Learning curve for advanced features and options
Getting Started
-
Clone the repository:
git clone https://github.com/maurosoria/dirsearch.git
-
Install requirements:
cd dirsearch pip3 install -r requirements.txt
-
Run a basic scan:
python3 dirsearch.py -u https://target.com -e php,html,js
This command scans https://target.com
for directories and files with .php
, .html
, and .js
extensions using the default wordlist. For more advanced usage, refer to the project's documentation.
Competitor Comparisons
Fast web fuzzer written in Go
Pros of ffuf
- Written in Go, offering better performance and cross-platform compatibility
- Supports multiple HTTP methods and custom headers
- Highly customizable with extensive filtering options
Cons of ffuf
- Steeper learning curve due to more complex command-line options
- Less built-in wordlists compared to dirsearch
Code Comparison
ffuf:
matcher := ffuf.NewMatcher(options.Matchers, options.Filters, options.MatcherMode)
runner := ffuf.NewRunner(conf, matcher)
err := runner.Run()
dirsearch:
def start(self):
self.setup()
self.force_exit = False
self.recursive_bruteforce()
Key Differences
- Language: ffuf is written in Go, while dirsearch is in Python
- Performance: ffuf generally offers better speed and resource utilization
- Flexibility: ffuf provides more customization options, while dirsearch is simpler to use
- Wordlists: dirsearch includes more built-in wordlists
- Output: Both tools offer various output formats, but ffuf has more options
Use Cases
- ffuf: Ideal for advanced users requiring high performance and customization
- dirsearch: Better suited for beginners or those preferring a simpler, more straightforward tool
Directory/File, DNS and VHost busting tool written in Go
Pros of gobuster
- Written in Go, offering better performance and concurrency
- Supports multiple modes (DNS, vhost, directory bruteforcing)
- Actively maintained with regular updates
Cons of gobuster
- Less extensive wordlist options compared to dirsearch
- Fewer built-in features for output formatting and reporting
Code Comparison
dirsearch:
def recursive_scan(self, base_path):
for word in self.dictionary:
path = base_path + word
if self.scan(path):
self.recursive_scan(path + '/')
gobuster:
func (d *DNSExecutor) runDNS(word string) error {
fqdn := fmt.Sprintf("%s.%s", word, d.domain)
addrs, err := d.resolver.LookupHost(context.Background(), fqdn)
if err != nil {
return err
}
// Process results
}
Both tools offer directory and file bruteforcing capabilities, but their implementations differ. dirsearch is Python-based, providing flexibility and ease of customization, while gobuster leverages Go's performance benefits. gobuster's multi-mode functionality gives it an edge for versatility, but dirsearch offers more comprehensive wordlists and reporting features out of the box. The choice between them often depends on specific use cases and personal preferences.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Pros of httpx
- Faster performance due to concurrent processing and efficient Go implementation
- Broader functionality beyond directory enumeration, including probe, title extraction, and technology detection
- Supports multiple input formats and flexible output options
Cons of httpx
- Less focused on directory brute-forcing compared to dirsearch
- May require more setup and configuration for specific use cases
- Potentially overwhelming for users who only need simple directory enumeration
Code Comparison
httpx:
for result := range r.DNSClient.Enumerate(domain) {
if result.Error != nil {
gologger.Warning().Msgf("Could not enumerate DNS for %s: %s\n", domain, result.Error)
continue
}
// Process result
}
dirsearch:
def scan(self):
for path in self.dictionary:
if not self.recursive and path.count("/") > self.currentDepth:
continue
url = self.base_path + path
self.output.status_report(self.batch.count(), len(self.dictionary))
self.batch.append(url)
Summary
httpx is a versatile tool for HTTP probing and analysis, offering broader functionality and faster performance. dirsearch specializes in directory enumeration with a focus on simplicity and ease of use. While httpx provides more features, dirsearch may be preferable for users specifically seeking directory brute-forcing capabilities.
Find domains and subdomains related to a given domain
Pros of assetfinder
- Focused on subdomain discovery, providing a specialized tool for this task
- Lightweight and fast, with minimal dependencies
- Supports multiple data sources for comprehensive subdomain enumeration
Cons of assetfinder
- Limited to subdomain discovery, lacking directory and file enumeration capabilities
- Does not support customizable wordlists or extensive configuration options
- May require additional tools for a complete web application reconnaissance
Code comparison
assetfinder:
func main() {
domains := make(chan string)
go func() {
sc := bufio.NewScanner(os.Stdin)
for sc.Scan() {
domains <- sc.Text()
}
close(domains)
}()
// ... (processing logic)
}
dirsearch:
def main():
parser = OptionParser(usage)
for option in options:
parser.add_option(option)
options, arguments = parser.parse_args()
# ... (configuration and execution logic)
The code snippets highlight the different approaches:
- assetfinder uses Go and focuses on efficient input processing
- dirsearch uses Python and emphasizes configuration options
Both tools serve different purposes in web application security testing, with assetfinder specializing in subdomain discovery and dirsearch excelling in directory and file enumeration.
Fast and customizable vulnerability scanner based on simple YAML based DSL.
Pros of Nuclei
- More versatile, supporting various protocols and vulnerability types
- Highly customizable with YAML-based templates
- Active community and frequent updates
Cons of Nuclei
- Steeper learning curve due to its complexity
- Requires more setup and configuration compared to Dirsearch
Code Comparison
Dirsearch (Python):
def recursive_bruteforce(base_url, extensions, depth):
if depth == 0:
return
for word in wordlist:
for extension in extensions:
url = f"{base_url}/{word}.{extension}"
response = requests.get(url)
if response.status_code == 200:
print(f"Found: {url}")
recursive_bruteforce(url, extensions, depth - 1)
Nuclei (Go):
func (r *Runner) runTemplates(ctx context.Context, target string) {
for _, template := range r.options.Templates {
if err := r.executeTemplate(ctx, template, target); err != nil {
gologger.Warning().Msgf("Could not execute template %s: %s\n", template.ID, err)
}
}
}
The code snippets highlight the different approaches:
- Dirsearch focuses on directory and file enumeration
- Nuclei emphasizes template-based scanning for various vulnerabilities
Both tools are valuable for security testing, with Dirsearch being more specialized for directory discovery and Nuclei offering broader vulnerability scanning capabilities.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Pros of SecLists
- Comprehensive collection of multiple types of lists for security testing
- Regularly updated with community contributions
- Versatile for various security testing scenarios beyond web directory enumeration
Cons of SecLists
- Requires additional tools or scripts to utilize the lists effectively
- May contain outdated or irrelevant entries due to its extensive nature
- Not specifically optimized for web directory brute-forcing
Code Comparison
While a direct code comparison isn't applicable due to the nature of these projects, here's a brief example of how they might be used:
SecLists (used with a separate tool):
gobuster dir -u http://example.com -w /path/to/SecLists/Discovery/Web-Content/common.txt
dirsearch:
python3 dirsearch.py -u http://example.com -e php,html,js
SecLists provides raw data, while dirsearch is a complete tool with built-in functionality for web directory enumeration.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
dirsearch - Web path discovery
An advanced web path brute-forcer
dirsearch is being actively developed by @maurosoria and @shelld3v
Reach to our Discord server to communicate with the team at best
Table of Contents
- Installation
- Wordlists
- Options
- Configuration
- How to use
- Support Docker
- References
- Tips
- Contribution
- License
Installation & Usage
Requirement: python 3.7 or higher
Choose one of these installation options:
- Install with git:
git clone https://github.com/maurosoria/dirsearch.git --depth 1
(RECOMMENDED) - Install with ZIP file: Download here
- Install with Docker:
docker build -t "dirsearch:v0.4.3" .
(more information can be found here) - Install with PyPi:
pip3 install dirsearch
orpip install dirsearch
- Install with Kali Linux:
sudo apt-get install dirsearch
(deprecated)
Wordlists (IMPORTANT)
Summary:
- Wordlist is a text file, each line is a path.
- About extensions, unlike other tools, dirsearch only replaces the
%EXT%
keyword with extensions from -e flag. - For wordlists without
%EXT%
(like SecLists), -f | --force-extensions switch is required to append extensions to every word in wordlist, as well as the/
. - To apply your extensions to wordlist entries that have extensions already, use -O | --overwrite-extensions (Note: some extensions are excluded from being overwritted such as .log, .json, .xml, ... or media extensions like .jpg, .png)
- To use multiple wordlists, you can separate your wordlists with commas. Example:
wordlist1.txt,wordlist2.txt
.
Examples:
- Normal extensions:
index.%EXT%
Passing asp and aspx as extensions will generate the following dictionary:
index
index.asp
index.aspx
- Force extensions:
admin
Passing php and html as extensions with -f/--force-extensions flag will generate the following dictionary:
admin
admin.php
admin.html
admin/
- Overwrite extensions:
login.html
Passing jsp and jspa as extensions with -O/--overwrite-extensions flag will generate the following dictionary:
login.html
login.jsp
login.jspa
Options
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
Mandatory:
-u URL, --url=URL Target URL(s), can use multiple flags
-l PATH, --url-file=PATH
URL list file
--stdin Read URL(s) from STDIN
--cidr=CIDR Target CIDR
--raw=PATH Load raw HTTP request from file (use '--scheme' flag
to set the scheme)
-s SESSION_FILE, --session=SESSION_FILE
Session file
--config=PATH Path to configuration file (Default:
'DIRSEARCH_CONFIG' environment variable, otherwise
'config.ini')
Dictionary Settings:
-w WORDLISTS, --wordlists=WORDLISTS
Customize wordlists (separated by commas)
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by commas (e.g. php,asp)
-f, --force-extensions
Add extensions to the end of every wordlist entry. By
default dirsearch only replaces the %EXT% keyword with
extensions
-O, --overwrite-extensions
Overwrite other extensions in the wordlist with your
extensions (selected via `-e`)
--exclude-extensions=EXTENSIONS
Exclude extension list separated by commas (e.g.
asp,jsp)
--remove-extensions
Remove extensions in all paths (e.g. admin.php ->
admin)
--prefixes=PREFIXES
Add custom prefixes to all wordlist entries (separated
by commas)
--suffixes=SUFFIXES
Add custom suffixes to all wordlist entries, ignore
directories (separated by commas)
-U, --uppercase Uppercase wordlist
-L, --lowercase Lowercase wordlist
-C, --capital Capital wordlist
General Settings:
-t THREADS, --threads=THREADS
Number of threads
-r, --recursive Brute-force recursively
--deep-recursive Perform recursive scan on every directory depth (e.g.
api/users -> api/)
--force-recursive Do recursive brute-force for every found path, not
only directories
-R DEPTH, --max-recursion-depth=DEPTH
Maximum recursion depth
--recursion-status=CODES
Valid status codes to perform recursive scan, support
ranges (separated by commas)
--subdirs=SUBDIRS Scan sub-directories of the given URL[s] (separated by
commas)
--exclude-subdirs=SUBDIRS
Exclude the following subdirectories during recursive
scan (separated by commas)
-i CODES, --include-status=CODES
Include status codes, separated by commas, support
ranges (e.g. 200,300-399)
-x CODES, --exclude-status=CODES
Exclude status codes, separated by commas, support
ranges (e.g. 301,500-599)
--exclude-sizes=SIZES
Exclude responses by sizes, separated by commas (e.g.
0B,4KB)
--exclude-text=TEXTS
Exclude responses by text, can use multiple flags
--exclude-regex=REGEX
Exclude responses by regular expression
--exclude-redirect=STRING
Exclude responses if this regex (or text) matches
redirect URL (e.g. '/index.html')
--exclude-response=PATH
Exclude responses similar to response of this page,
path as input (e.g. 404.html)
--skip-on-status=CODES
Skip target whenever hit one of these status codes,
separated by commas, support ranges
--min-response-size=LENGTH
Minimum response length
--max-response-size=LENGTH
Maximum response length
--max-time=SECONDS Maximum runtime for the scan
--exit-on-error Exit whenever an error occurs
Request Settings:
-m METHOD, --http-method=METHOD
HTTP method (default: GET)
-d DATA, --data=DATA
HTTP request data
--data-file=PATH File contains HTTP request data
-H HEADERS, --header=HEADERS
HTTP request header, can use multiple flags
--header-file=PATH File contains HTTP request headers
-F, --follow-redirects
Follow HTTP redirects
--random-agent Choose a random User-Agent for each request
--auth=CREDENTIAL Authentication credential (e.g. user:password or
bearer token)
--auth-type=TYPE Authentication type (basic, digest, bearer, ntlm, jwt,
oauth2)
--cert-file=PATH File contains client-side certificate
--key-file=PATH File contains client-side certificate private key
(unencrypted)
--user-agent=USER_AGENT
--cookie=COOKIE
Connection Settings:
--timeout=TIMEOUT Connection timeout
--delay=DELAY Delay between requests
--proxy=PROXY Proxy URL (HTTP/SOCKS), can use multiple flags
--proxy-file=PATH File contains proxy servers
--proxy-auth=CREDENTIAL
Proxy authentication credential
--replay-proxy=PROXY
Proxy to replay with found paths
--tor Use Tor network as proxy
--scheme=SCHEME Scheme for raw request or if there is no scheme in the
URL (Default: auto-detect)
--max-rate=RATE Max requests per second
--retries=RETRIES Number of retries for failed requests
--ip=IP Server IP address
--interface=NETWORK_INTERFACE
Network interface to use
Advanced Settings:
--crawl Crawl for new paths in responses
View Settings:
--full-url Full URLs in the output (enabled automatically in
quiet mode)
--redirects-history
Show redirects history
--no-color No colored output
-q, --quiet-mode Quiet mode
Output Settings:
-o PATH, --output=PATH
Output file
--format=FORMAT Report format (Available: simple, plain, json, xml,
md, csv, html, sqlite)
--log=PATH Log file
Configuration
By default, config.ini
inside your dirsearch directory is used as the configuration file but you can select another file via --config
flag or DIRSEARCH_CONFIG
environment variable.
# If you want to edit dirsearch default configurations, you can
# edit values in this file. Everything after `#` is a comment
# and won't be applied
[general]
threads = 25
recursive = False
deep-recursive = False
force-recursive = False
recursion-status = 200-399,401,403
max-recursion-depth = 0
exclude-subdirs = %%ff/,.;/,..;/,;/,./,../,%%2e/,%%2e%%2e/
random-user-agents = False
max-time = 0
exit-on-error = False
# subdirs = /,api/
# include-status = 200-299,401
# exclude-status = 400,500-999
# exclude-sizes = 0b,123gb
# exclude-text = "Not found"
# exclude-regex = "^403$"
# exclude-redirect = "*/error.html"
# exclude-response = 404.html
# skip-on-status = 429,999
[dictionary]
default-extensions = php,aspx,jsp,html,js
force-extensions = False
overwrite-extensions = False
lowercase = False
uppercase = False
capitalization = False
# exclude-extensions = old,log
# prefixes = .,admin
# suffixes = ~,.bak
# wordlists = /path/to/wordlist1.txt,/path/to/wordlist2.txt
[request]
http-method = get
follow-redirects = False
# headers-file = /path/to/headers.txt
# user-agent = MyUserAgent
# cookie = SESSIONID=123
[connection]
timeout = 7.5
delay = 0
max-rate = 0
max-retries = 1
## By disabling `scheme` variable, dirsearch will automatically identify the URI scheme
# scheme = http
# proxy = localhost:8080
# proxy-file = /path/to/proxies.txt
# replay-proxy = localhost:8000
[advanced]
crawl = False
[view]
full-url = False
quiet-mode = False
color = True
show-redirects-history = False
[output]
## Support: plain, simple, json, xml, md, csv, html, sqlite
report-format = plain
autosave-report = True
autosave-report-folder = reports/
# log-file = /path/to/dirsearch.log
# log-file-size = 50000000
How to use
Some examples for how to use dirsearch - those are the most common arguments. If you need all, just use the -h argument.
Simple usage
python3 dirsearch.py -u https://target
python3 dirsearch.py -e php,html,js -u https://target
python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist
Pausing progress
dirsearch allows you to pause the scanning progress with CTRL+C, from here, you can save the progress (and continue later), skip the current target, or skip the current sub-directory.
Recursion
- Recursive brute-force is brute-forcing continuously the after of found directories. For example, if dirsearch finds
admin/
, it will brute-forceadmin/*
(*
is where it brute forces). To enable this feature, use -r (or --recursive) flag
python3 dirsearch.py -e php,html,js -u https://target -r
- You can set the max recursion depth with --max-recursion-depth, and status codes to recurse with --recursion-status
python3 dirsearch.py -e php,html,js -u https://target -r --max-recursion-depth 3 --recursion-status 200-399
-
There are 2 more options: --force-recursive and --deep-recursive
- Force recursive: Brute force recursively all found paths, not just paths end with
/
- Deep recursive: Recursive brute-force all depths of a path (
a/b/c
=> adda/
,a/b/
)
- Force recursive: Brute force recursively all found paths, not just paths end with
-
If there are sub-directories that you do not want to brute-force recursively, use
--exclude-subdirs
python3 dirsearch.py -e php,html,js -u https://target -r --exclude-subdirs image/,media/,css/
Threads
The thread number (-t | --threads) reflects the number of separated brute force processes. And so the bigger the thread number is, the faster dirsearch runs. By default, the number of threads is 25, but you can increase it if you want to speed up the progress.
In spite of that, the speed still depends a lot on the response time of the server. And as a warning, we advise you to keep the threads number not too big because it can cause DoS (Denial of Service).
python3 dirsearch.py -e php,htm,js,bak,zip,tgz,txt -u https://target -t 20
Prefixes / Suffixes
- --prefixes: Add custom prefixes to all entries
python3 dirsearch.py -e php -u https://target --prefixes .,admin,_
Wordlist:
tools
Generated with prefixes:
tools
.tools
admintools
_tools
- --suffixes: Add custom suffixes to all entries
python3 dirsearch.py -e php -u https://target --suffixes ~
Wordlist:
index.php
internal
Generated with suffixes:
index.php
internal
index.php~
internal~
Blacklist
Inside the db/
folder, there are several "blacklist files". Paths in those files will be filtered from the scan result if they have the same status as mentioned in the filename.
Example: If you add admin.php
into db/403_blacklist.txt
, whenever you do a scan that admin.php
returns 403, it will be filtered from the result.
Filters
Use -i | --include-status and -x | --exclude-status to select allowed and not allowed response status-codes
For more advanced filters: --exclude-sizes, --exclude-texts, --exclude-regexps, --exclude-redirects and --exclude-response
python3 dirsearch.py -e php,html,js -u https://target --exclude-sizes 1B,243KB
python3 dirsearch.py -e php,html,js -u https://target --exclude-texts "403 Forbidden"
python3 dirsearch.py -e php,html,js -u https://target --exclude-regexps "^Error$"
python3 dirsearch.py -e php,html,js -u https://target --exclude-redirects "https://(.*).okta.com/*"
python3 dirsearch.py -e php,html,js -u https://target --exclude-response /error.html
Raw request
dirsearch allows you to import the raw request from a file. The content would be something looked like this:
GET /admin HTTP/1.1
Host: admin.example.com
Cache-Control: max-age=0
Accept: */*
Since there is no way for dirsearch to know what the URI scheme is, you need to set it using the --scheme
flag. By default, dirsearch automatically detects the scheme.
Wordlist formats
Supported wordlist formats: uppercase, lowercase, capitalization
Lowercase:
admin
index.html
Uppercase:
ADMIN
INDEX.HTML
Capital:
Admin
Index.html
Exclude extensions
Use -X | --exclude-extensions with an extension list will remove all paths in the wordlist that contains the given extensions
python3 dirsearch.py -u https://target -X jsp
Wordlist:
admin.php
test.jsp
After:
admin.php
Scan sub-directories
- From an URL, you can scan a list of sub-directories with --subdirs.
python3 dirsearch.py -e php,html,js -u https://target --subdirs /,admin/,folder/
Proxies
dirsearch supports SOCKS and HTTP proxy, with two options: a proxy server or a list of proxy servers.
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
python3 dirsearch.py -e php,html,js -u https://target --proxy socks5://10.10.0.1:8080
python3 dirsearch.py -e php,html,js -u https://target --proxylist proxyservers.txt
Reports
Supported report formats: simple, plain, json, xml, md, csv, html, sqlite
python3 dirsearch.py -e php -l URLs.txt --format plain -o report.txt
python3 dirsearch.py -e php -u https://target --format html -o target.json
More example commands
cat urls.txt | python3 dirsearch.py --stdin
python3 dirsearch.py -u https://target --max-time 360
python3 dirsearch.py -u https://target --auth admin:pass --auth-type basic
python3 dirsearch.py -u https://target --header-list rate-limit-bypasses.txt
There are more to discover, try yourself!
Support Docker
Install Docker Linux
Install Docker
curl -fsSL https://get.docker.com | bash
To use docker you need superuser power
Build Image dirsearch
To create image
docker build -t "dirsearch:v0.4.3" .
dirsearch is the name of the image and v0.4.3 is the version
Using dirsearch
For using
docker run -it --rm "dirsearch:v0.4.3" -u target -e php,html,js,zip
References
- Comprehensive Guide on Dirsearch by Shubham Sharma
- Comprehensive Guide on Dirsearch Part 2 by Shubham Sharma
- How to Find Hidden Web Directories with Dirsearch by GeeksforGeeks
- GUÃA COMPLETA SOBRE EL USO DE DIRSEARCH by ESGEEKS
- How to use Dirsearch to detect web directories by EHacking
- dirsearch how to by VK9 Security
- Find Hidden Web Directories with Dirsearch by Wonder How To
- Brute force directories and files in webservers using dirsearch by Raj Upadhyay
- Live Bug Bounty Recon Session on Yahoo (Amass, crts.sh, dirsearch) w/ @TheDawgyg by Nahamsec
- Dirsearch to find Hidden Web Directories by Irfan Shakeel
- Getting access to 25000 employees details by Sahil Ahamad
- Best Tools For Directory Bruteforcing by Shubham Goyal
- Discover hidden files & directories on a webserver - dirsearch full tutorial by CYBER BYTES
Tips
- The server has requests limit? That's bad, but feel free to bypass it, by randomizing proxy with
--proxy-list
- Want to find out config files or backups? Try
--suffixes ~
and--prefixes .
- Want to find only folders/directories? Why not combine
--remove-extensions
and--suffixes /
! - The mix of
--cidr
,-F
,-q
and will reduce most of noises + false negatives when brute-forcing with a CIDR - Scan a list of URLs, but don't want to see a 429 flood?
--skip-on-status 429
will help you to skip a target whenever it returns 429 - The server contains large files that slow down the scan? You might want to use
HEAD
HTTP method instead ofGET
- Brute-forcing CIDR is slow? Probably you forgot to reduce request timeout and request retries. Suggest:
--timeout 3 --retries 1
Contribution
We have been receiving a lot of helps from many people around the world to improve this tool. Thanks so much to everyone who have helped us so far! See CONTRIBUTORS.md to know who they are.
Pull requests and feature requests are welcomed
License
Copyright (C) Mauro Soria (maurosoria@gmail.com)
License: GNU General Public License, version 2
Top Related Projects
Fast web fuzzer written in Go
Directory/File, DNS and VHost busting tool written in Go
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Find domains and subdomains related to a given domain
Fast and customizable vulnerability scanner based on simple YAML based DSL.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot