stefanoj3 / dirstalk
Modern alternative to dirbuster/dirb
License: MIT License
Hello,
When I try to run a scan, this is what I get. I tried moving into the directory and calling the file and it has been to no avail.
docker run stefanoj3/dirstalk dirstalk scan "https://example.com/" -d "/usr/share/dirbuster/wordlists/directory-list-1.0.txt"
Error: failed to build dictionary: dictionary: failed to get `/usr/share/dirbuster/wordlists/directory-list-1.0.txt`: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme ""
Usage:
dirstalk scan [url] [flags]
Flags:
--cookie stringArray cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string dictionary to use for the scan (path to local file or remote url)
--header stringArray header to add to each request; eg name=value (can be specified multiple times)
-h, --help help for scan
--http-cache-requests cache requests to avoid performing the same request multiple times within the same scan (EG if the server reply with the same redirect location multiple times, dirstalk will follow it only once) (default true)
--http-methods strings comma separated list of http methods to use; eg: GET,POST,PUT (default [GET])
--http-statuses-to-ignore ints comma separated list of http statuses to ignore when showing and processing results; eg: 404,301 (default [404])
--http-timeout int timeout in milliseconds (default 5000)
--out string path where to store result output
--scan-depth int scan depth (default 3)
--socks5 string socks5 host to use
-t, --threads int amount of threads for concurrent requests (default 3)
--use-cookie-jar enables the use of a cookie jar: it will retain any cookie sent from the server and send them for the following requests
--user-agent string user agent to use for http requests
Global Flags:
-v, --verbose verbose mode
level=fatal msg="Execution error" err="failed to build dictionary: dictionary: failed to get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: Get /usr/share/dirbuster/wordlists/directory-list-1.0.txt: unsupported protocol scheme """
Add possibility to filter results based on content body and regexp
Hello @stefanoj3 ,
When running the below command, specifically placing single quotes in the 2nd to last flag, I got the aforementioned error. Interestingly, if I removed the quotes it worked, and later in testing I was able to get it to successfully run with the single quotes. It's not a major issue but I am raising it so you know it exists.
docker run stefanoj3/dirstalk dirstalk scan http://example.com -d "https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt" --no-check-certificate --http-statuses-to-ignore '404,301' -t 10
Error: failed to build dictionary: dictionary: failed to get `https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt`: Get https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Usage:
dirstalk scan [url] [flags]
Flags:
--cookie stringArray cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string dictionary to use for the scan (path to local file or remote url)
--header stringArray header to add to each request; eg name=value (can be specified multiple times)
-h, --help help for scan
--http-cache-requests cache requests to avoid performing the same request multiple times within the same scan (EG if the server reply with the same redirect location multiple times, dirstalk will follow it only once) (default true)
--http-methods strings comma separated list of http methods to use; eg: GET,POST,PUT (default [GET])
--http-statuses-to-ignore ints comma separated list of http statuses to ignore when showing and processing results; eg: 404,301 (default [404])
--http-timeout int timeout in milliseconds (default 5000)
--no-check-certificate to skip checking the validity of SSL certificates
--out string path where to store result output
--scan-depth int scan depth (default 3)
--socks5 string socks5 host to use
-t, --threads int amount of threads for concurrent requests (default 3)
--use-cookie-jar enables the use of a cookie jar: it will retain any cookie sent from the server and send them for the following requests
--user-agent string user agent to use for http requests
Global Flags:
-v, --verbose verbose mode
level=fatal msg="Execution error" err="failed to build dictionary: dictionary: failed to get `https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt`: Get https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
Could use otto as a scripting language to add more complex processing rules for dictionaries
handle SIGINT: do not just kill the application, stop the scan and print the summary of what was found so far
Make golangci-lint stricter by enabling more linters and fix all the reported issues.
EG golangci-lint run --enable-all
dial tcp: lookup site.com on [::1]:53: read udp [::1]:58403->[::1]:53: read: connection refused" method=GET path="~user3" DEBU terminating worker: producer channel closed ERRO failed to perform request depth=3
what is your solution with this?
Command to combine dictionaries together or to create a dictionary made of absolute paths made of the combination of all the parts in another dictionary
Hello,
It seems to fail if it doesn't trust the cert from the target web server. Below is sample output from when I ran it. Is there any way a -k (curl) or --no-check-certificate (wget) flag can be added?
docker run stefanoj3/dirstalk dirstalk scan "https://redacted.example.com" -d https://raw.githubusercontent.com/daviddias/node-dirbuster/master/lists/directory-list-1.0.txt
level=info msg="Starting scan" cookie-jar=false cookies= dictionary-length=141694 headers= scan-depth=3 socks5="<nil>" threads=3 timeout=5000 url="https://redacted.example.com" user-agent=
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/cgi-bin: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=cgi-bin
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/education: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=education
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/betsie: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=betsie
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/accessibility: x509: certificate signed by unknown authority" method=GET path=accessibility
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/go: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=go
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/accesskeys: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=accesskeys
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/-: x509: certificate signed by unknown authority" method=GET path=-
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/toolbar: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=toolbar
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/radio: x509: certificate signed by unknown authority" method=GET path=radio
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/tv: x509: certificate signed by unknown authority" method=GET path=tv
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/whereilive: x509: certificate signed by unknown authority" method=GET path=whereilive
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/talk: x509: certificate signed by unknown authority" method=GET path=talk
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/homepage: x509: certificate signed by unknown authority" method=GET path=homepage
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/a-z: x509: certificate signed by unknown authority" method=GET path=a-z
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/bb: x509: certificate signed by unknown authority" method=GET path=bb
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/int: x509: certificate signed by unknown authority" method=GET path=int
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/textonly: x509: certificate signed by unknown authority" method=GET path=textonly
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/oth: x509: certificate signed by unknown authority" method=GET path=oth
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/mobile: x509: certificate signed by unknown authority" method=GET path=mobile
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/t: x509: certificate signed by unknown authority" method=GET path=t
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/help: x509: certificate signed by unknown authority" method=GET path=help
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/search: x509: certificate signed by unknown authority" method=GET path=search
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/pl1: x509: certificate signed by unknown authority" method=GET path=pl1
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/makehomepage: x509: certificate signed by unknown authority" method=GET path=makehomepage
level=error msg="failed to perform request" depth=3 error="Get https://redacted.example.com/text: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=text
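Added example (not part of the report above and not dirstalk's own code): the log mixes certificate-trust failures with client timeouts, which have different causes, so this Go sketch parses the logfmt lines and counts failures per class. The class names, the `triage` helper and the host `scan.example.test` are assumptions made for illustration; the matched substrings are the ones quoted in the reports on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// kv matches logfmt pairs: key=bare or key="quoted value".
var kv = regexp.MustCompile(`([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)`)

// parseLine turns one logfmt line into a map, stripping surrounding quotes.
func parseLine(line string) map[string]string {
	out := map[string]string{}
	for _, m := range kv.FindAllStringSubmatch(line, -1) {
		out[m[1]] = strings.Trim(m[2], `"`)
	}
	return out
}

// classify buckets an error string by substrings seen in the reports (assumed class names).
func classify(e string) string {
	switch {
	case strings.Contains(e, "x509:"):
		return "tls-trust" // server certificate not trusted by the client
	case strings.Contains(e, "Client.Timeout exceeded"):
		return "timeout" // request outlived the HTTP client timeout
	case strings.Contains(e, "dial tcp: lookup"):
		return "dns" // name resolution failed before any connection
	}
	return "other"
}

// triage counts failure classes over all level=error lines of a scan log.
func triage(log string) map[string]int {
	counts := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		if f := parseLine(line); f["level"] == "error" && f["error"] != "" {
			counts[classify(f["error"])]++
		}
	}
	return counts
}

// sampleLog is constructed for this example; scan.example.test is a placeholder host.
const sampleLog = `level=info msg="Starting scan" cookies= threads=3 timeout=5000 url="https://scan.example.test"
level=error msg="failed to perform request" depth=3 error="Get https://scan.example.test/a: x509: certificate signed by unknown authority" method=GET path=a
level=error msg="failed to perform request" depth=3 error="Get https://scan.example.test/b: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" method=GET path=b
level=error msg="failed to perform request" depth=3 error="Get https://scan.example.test/c: x509: certificate signed by unknown authority" method=GET path=c`
func main() { fmt.Println(triage(sampleLog)) }
```

A high `tls-trust` count points at the scanner's CA store (or the `--no-check-certificate` flag requested here), while `timeout` entries relate to `--http-timeout` and `--threads`.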
https://github.com/mafredri/cdp
https://godoc.org/github.com/tebeka/selenium
https://hacks.mozilla.org/2017/12/using-headless-mode-in-firefox/
could use headless chrome or selenium to integrate and capture screenshots of all the results found and create a nice html page to view them
Hello @stefanoj3 , we meet again lol!
Humor aside, when I ran dirstalk in docker I noticed if I tried to do either ctrl+z or ctrl+c it didn't stop the program but instead moved to the next procedural phase. I had to hit it a few times to eventually make it stop. I am not sure if you were aware but I figured I'd let you know. It's a minor issue but ya.
Introduce possibility to generate dictionary out of html files like https://manpages.ubuntu.com/manpages/bionic/man1/html2dic.1.html
scan codebase with https://github.com/mdempsky/maligned and see if there be any improvement for memory usage
create dictionary based of: