News - Main Page
Whitepapers
Tools and Download
Presentations

Usage

http-dir-enum v0.4.3 ( http://labs.portcullis.co.uk/application/http-dir-enum/ )
Copyright (C) 2006 Mark Lowe ( mrl@portcullis-security.com )

Given a URL and a wordlist, http-dir-enum will attempt to determine names of
directories that exist on a website.

Usage: http-dir-enum.pl [options] -f dir-file url

options are:
-m n Maximum number of worker processes (default: 8)
-f file File of potential directory names
-k file File of known directory names
-c 0|1 Close connection between each attempt (default: 0)
-r 0|1 Recursively enumerate sub directories (default: 1)
-t n Wait a maximum of n seconds for reply (default: 20)
-u user Username to use for basic authentication
-p pass Password to use for basic authentication
-H g|h HTTP method g=GET, h=HEAD (default: head)
-i code Ignore HTTP response code (e.g. 404 or '404|200')
-U str Set User-Agent header to str (default based on Firefox 2.0.0.2/Linux)
-s 0|1 Add a trailing slash to the URL (default: 1)
-S 0|1 Case sensitive directory names (default: 1)
-a 0|1 Automatically determine HTTP response code to ignore (default: 1)
-l n Limit scan to n attempts per second (default: unlimited)
-R 0|1 Follow redirects (default: 0)
-q Quiet. Don't print out info ("[I]") messages
-n n Only read first n lines of dirs file (default: unlimited)
-o file Save XML report of dirs found to file (default: don't save a report)
-x regx Return only results that match this regular expression
-X regx Ignore results that match this regular expression
-P url Proxy URL
-C str Use cookie
-v Verbose
-d Debugging output
-D code Print out whole response if it has HTTP code "code" (e.g. 500)
-h This help message

The default options should be suitable most of the time, so the
typical usage would be:

http-dir-enum.pl -f dirs.txt http://host

PERFORMANCE TIPS:

* Make sure the number of processes (-m) is less than the number of directories
passed via the -f option. It normally is anyway.

* Use a lower number of processes (e.g. 2) over fast connections like localhost. Use a
higher number (e.g. 8 or 32) over laggy connections.

Last Updated : 28/03/2008 15:48:43