Help Text

Izzy Whistlecroft edited this page Sep 9, 2019 · 1 revision

USAGE:

dirble [FLAGS] [OPTIONS] <host|--uri-file <uri-file>...|--uri <uri>...> [--]

FLAGS:

    --burp
        Sets the proxy to use the default burp proxy values
        (http://localhost:8080)
    --no-proxy
        Disables proxy use even if there is a system proxy

-r, --disable-recursion
        Disable discovered subdirectory scanning

-l, --scan-listable
        Scan listable directories

    --scrape-listable
        Enable scraping of listable directories for urls, often produces large
        amounts of output
-S, --silent
        Don't output information during the scan, only output the report at
        the end.
-v, --verbose
        Increase the verbosity level. Use twice for full verbosity.

    --disable-validator
        Disable automatic detection of not found codes

    --scan-401
        Scan folders even if they return 401 - Unauthorized frequently

    --scan-403
        Scan folders if they return 403 - Forbidden frequently

-h, --help                 Prints help information
-k, --ignore-cert          Ignore the certificate validity for HTTPS
    --no-color
        Disable coloring of terminal output

    --show-htaccess
        Enable display of items containing .ht when they return 403 responses

-V, --version              Prints version information

OPTIONS:

-u, --uri <uri>...
        Additional hosts to scan [aliases: url]

-U, --uri-file <uri-file>...
        The filename of a file containing a list of URIs to scan - cookies and
        headers set will be applied to all URIs [aliases: url-file]
    --verb <http_verb>
        Specify which HTTP verb to use
         [default: Get]  [possible values: Get, Head, Post]
-w, --wordlist <wordlist>...
        Sets which wordlist to use, defaults to dirble_wordlist.txt in the same
        folder as the executable
-X, --extension-file <extension-file>...
        The name of a file containing extensions to extend queries with, one
        per line
-x, --extensions <extensions>...
        Provides comma separated extensions to extend queries with

-P, --prefix-file <prefix-file>...
        The name of a file containing extensions to extend queries with, one
        per line
-p, --prefixes <prefixes>...
        Provides comma separated prefixes to extend queries with

    --json-file <json_file>
        Sets a file to write JSON output to [aliases: oJ]

-o, --output-file <output_file>
        Sets the file to write the report to [aliases: oN]

    --xml-file <xml_file>
        Sets a file to write XML output to [aliases: oX]

    --output-all <output_all>
        Stores all output types respectively as .txt, .json and .xml [aliases: oA]

    --proxy <proxy>
        The proxy address to use, including type and port, can also include a
        username and password in the form 
        "http://username:password@proxy_url:proxy_port"
-t, --max-threads <max-threads>
        Sets the maximum number of request threads that will be spawned [default: 10]

-T, --wordlist-split <wordlist_split>
        The number of threads to run for each folder/extension combo [default: 3]

-z, --throttle <milliseconds>
        Time each thread will wait between requests, given in milliseconds

    --username <username>
        Sets the username to authenticate with

    --password <password>
        Sets the password to authenticate with

    --max-recursion-depth <max_recursion_depth>
        Sets the maximum directory depth to recurse to, 0 will disable
        recursion
-c, --cookie <cookie>...
        Provide a cookie in the form "name=value", can be used multiple times

-H, --header <header>...
        Provide an arbitrary header in the form "header:value" - headers with
        no value must end in a semicolon
-a, --user-agent <user_agent>
        Set the user-agent provided with requests, by default it isn't set

-B, --code-blacklist <code_blacklist>...
        Provide a comma separated list of response codes to not show in output

-W, --code-whitelist <code_whitelist>...
        Provide a comma separated list of response codes to show in output,
        also disables detection of not found codes
    --hide-lengths <length_blacklist>...
        Specify length ranges to hide, e.g. --hide-lengths 348,500-700

    --max-errors <max_errors>
        The number of consecutive errors a thread can have before it exits,
        set to 0 to disable [default: 5]
    --timeout <timeout>
        Maximum time to wait for a response before giving up, given in seconds
         [default: 5]

ARGS:

<uri>
        The URI of the host to scan, optionally supports basic auth with
        http://user:pass@host:port

OUTPUT FORMAT:

+ [url] - File
D [url] - Directory
L [url] - Listable Directory

EXAMPLE USE:

- Run against a website using the default dirble_wordlist.txt from the
  current directory:
    dirble [address]

- Run with a different wordlist and including .php and .html extensions:
    dirble [address] -w example_wordlist.txt -x .php,.html

- With listable directory scraping enabled:
    dirble [address] --scrape-listable

- Providing a list of extensions and a list of URIs:
    dirble [address] -X wordlists/web.lst -U uri-list.txt

- Providing multiple hosts to scan via command line:
    dirble [address] -u [address] -u [address]