// THECYBERARYAN — Research

Dirsearch — Zero to Hero (Ultimate Recon Guide)

Author: Aryan Pareek • Date: 2025-11-17 • Category: Recon & Enumeration

Dirsearch is one of the most powerful tools in the recon phase — used to find hidden directories, confidential files, backup dumps, staging environments, admin panels and much more. In this guide, you will learn Dirsearch from absolute zero to expert level, with practical usage, examples, flags, workflows, and bug bounty–ready automation techniques.

Introduction to Dirsearch

Dirsearch is a command-line directory and file brute-forcing tool written in Python. It finds hidden paths by requesting thousands of wordlist entries from the web server and checking the responses, for example:

/admin
/backup
/.git
/dev
/server-status
/config.php
/staging

These commonly lead to:

Installation

Clone the project

git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch

Run it

python3 dirsearch.py -u https://example.com

Basic Usage

Scan a single target

python3 dirsearch.py -u https://example.com

Save your results

python3 dirsearch.py -u https://example.com -o output.txt

Scan faster with threads

python3 dirsearch.py -u https://example.com -t 50

Intermediate Usage

Custom wordlist

python3 dirsearch.py -u https://example.com -w wordlist.txt

Find file types

python3 dirsearch.py -u https://example.com -e php,js,txt

Recursive scanning

python3 dirsearch.py -u https://example.com -r

Exclude useless codes

python3 dirsearch.py -u https://example.com --exclude-status 403,404

Show only important responses

python3 dirsearch.py -u https://example.com -i 200,204,301,302

Advanced Usage

Add headers (JWT, cookies, tokens)

python3 dirsearch.py -u https://example.com -H "Authorization: Bearer TOKEN"

Use proxy (BurpSuite)

python3 dirsearch.py -u https://example.com --proxy http://127.0.0.1:8080

Ignore SSL errors

python3 dirsearch.py -u https://example.com --ignore-ssl-errors

Force extension-based scanning

python3 dirsearch.py -u https://example.com --force-extensions

Real Bug Bounty Workflow

1. Subdomain enumeration

subfinder -d example.com -o subs.txt

2. Check which ones are alive

httpx -l subs.txt -o live.txt

3. Run Dirsearch on all alive hosts

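mkdir -p results
while IFS= read -r url; do
  # Build a file name from the URL: drop the scheme, replace "/" and ":"
  name=$(printf '%s' "$url" | sed -e 's|^[a-z]*://||' -e 's|[/:]|_|g')
  python3 dirsearch.py -u "$url" -e php,txt,js -r -t 50 -o "results/$name.txt"
done < live.txt

Tip: Dirsearch becomes extremely powerful when paired with Subfinder + Httpx + Nuclei in a full recon pipeline.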
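
Seen from the web server, the scans in this guide appear as one client requesting many distinct paths in a short time, most of them answered with 404 or 403. The following detection logic is an added example, not part of the original guide or of Dirsearch; it assumes combined-format access logs, and the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx combined log format: ip - - [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Path prefixes this guide lists as typical wordlist targets
SENSITIVE = ("/admin", "/backup", "/.git", "/dev", "/server-status",
             "/config.php", "/staging")
MISS = (403, 404)  # what a scanner receives for most of its guesses

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # ignore lines in any other format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def detect_enumeration(lines, window=timedelta(seconds=60),
                       min_paths=20, min_miss_ratio=0.8):  # assumed thresholds, tune per site
    """Flag clients requesting many distinct, mostly missing paths in one sliding window."""
    by_ip = defaultdict(list)
    for ip, ts, path, status in filter(None, map(parse, lines)):
        by_ip[ip].append((ts, path, status))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            ratio = sum(s in MISS for _, _, s in win) / len(win)
            if len({p for _, p, _ in win}) >= min_paths and ratio >= min_miss_ratio:
                # Sensitive paths that answered the scanner need review first
                found = sorted({p for _, p, s in events
                                if s not in MISS and p.startswith(SENSITIVE)})
                flagged[ip] = {"miss_ratio": round(ratio, 2), "sensitive_hits": found}
                break
    return flagged

def sample_log():
    """Constructed sample: one scanner-like client, one normal visitor."""
    words = [p[1:] for p in SENSITIVE] + [f"test{i}" for i in range(23)]
    answered = {"admin": 301, "staging": 200}
    fmt = '{} - - [17/Nov/2025:10:00:{:02d} +0000] "GET /{} HTTP/1.1" {} 512 "-" "-"'
    scan = [fmt.format("203.0.113.7", i, w, answered.get(w, 404)) for i, w in enumerate(words)]
    return scan + [fmt.format("198.51.100.20", i, p, 200) for i, p in enumerate(["", "about"])]
```

Calling detect_enumeration(sample_log()) flags only 203.0.113.7 and reports /admin and /staging as the sensitive paths that returned something other than 403 or 404.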

Conclusion

Dirsearch is a cornerstone tool in reconnaissance. Mastering it allows you to uncover hidden directories, backup files, dev environments, and sensitive endpoints that often lead to high-impact vulnerabilities.