Dirhunt – Find Web Directories Without Bruteforce

Web directories and files can contain some sensitive data like API Keys or Usernames and Passwords or sometimes SSH Keys. So to get the links to these files and directories we need to use automated tools. Dirhunt tool is an automated cyber security tool that acts as a web crawler for searching directories on a web application. It also detects the 404 false errors which contain empty index files that can be created to hide sensitive data. Dirhunt tool is developed in the Python Language and is also available on the GitHub platform.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Dirhunt Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/Nekmo/dirhunt.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd dirhunt

Step 3: You are in the directory of the dirhunt. Now you have to install the tool by using the following command.

sudo python3 setup.py install

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

dirhunt -h

Working with Dirhunt Tool on Kali Linux OS

Example/Usage: Basic scan on target URL

dirhunt http://geeksforgeeks.org

In this example, we are scanning for web directories on the geeksforgeeks.org domain.

We have got the Generic files and directories with the status code of 200.

In the below screenshot, you can see that we have got the HTML documents files and directories. This can contain sensitive information.

In the below screenshot, we have got the links of redirection.