Dirbuster

DirBuster is a Java-based tool for brute-forcing directories and files on web servers. This cheat sheet covers both GUI and command-line usage, wordlist management, and advanced discovery techniques.

Basic Commands

| Command | Description |
|---|---|
| java -jar DirBuster-1.0-RC1.jar | Launch DirBuster GUI |
| java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser -u http://example.com | Run headless (CLI) mode |
| dirbuster -u http://example.com -l /usr/share/wordlists/dirb/common.txt | Basic directory enumeration |
| dirbuster -u http://example.com -l wordlist.txt -t 50 | Specify thread count |
| dirbuster -u http://example.com:8080 -l wordlist.txt | Target non-standard port |
| dirbuster -u https://example.com -l wordlist.txt | Target HTTPS |
| dirbuster -u http://example.com -l wordlist.txt -x .php,.html,.jsp | Specify file extensions |
| dirbuster --help | Display help information |

Installation

Linux/Ubuntu

# Install via apt (if available in your distro)
sudo apt update
sudo apt install dirbuster

# Download from official source
wget https://sourceforge.net/projects/dirbuster/files/DirBuster/1.0-RC1/DirBuster-1.0-RC1.jar
chmod +x DirBuster-1.0-RC1.jar

# Kali Linux (pre-installed)
# Already available at /usr/share/dirbuster/
java -jar /usr/share/dirbuster/DirBuster-1.0-RC1.jar

macOS

# Install via Homebrew
brew install dirbuster

# Or download manually
wget https://sourceforge.net/projects/dirbuster/files/DirBuster/1.0-RC1/DirBuster-1.0-RC1.jar
java -jar DirBuster-1.0-RC1.jar

Wordlists

# Common wordlist locations
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# Download SecLists
git clone https://github.com/danielmiessler/SecLists.git
ls SecLists/Discovery/Web-Content/

Command-Line Arguments (Headless Mode)

| Argument | Description |
|---|---|
| -u <URL> | Target URL to scan |
| -l <wordlist> | Path to wordlist file |
| -t <threads> | Number of threads (default: 10, max: 200) |
| -x <extensions> | File extensions (comma-separated: .php,.html,.jsp) |
| -r <code> | Response codes to report (e.g., 200,301,302) |
| -R | Include response codes 404, 400, 403 |
| -s <size> | Skip responses of specific size |
| --proxy <ip:port> | Use HTTP proxy |
| -H <header> | Add custom HTTP header |
| --cookies <cookies> | Add cookies to requests |
| -A <user-agent> | Custom User-Agent string |

Advanced Scanning Techniques

Recursive Directory Enumeration

# Recursive scan (follow directories found)
java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser \
  -u http://example.com \
  -l /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
  -r

# With depth limit
java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser \
  -u http://example.com \
  -l wordlist.txt \
  -d 3

Custom Headers and Authentication

# Add authentication header
java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser \
  -u http://example.com \
  -l wordlist.txt \
  -H "Authorization: Bearer token123"

# Add custom User-Agent
java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser \
  -u http://example.com \
  -l wordlist.txt \
  -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

Proxy and SSL Configuration

# Route through Burp Suite
java -cp DirBuster-1.0-RC1.jar:lib/* com.supeertec.headlessbrowser.HeadlessBrowser \
  -u http://example.com \
  -l wordlist.txt \
  --proxy 127.0.0.1:8080

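# Ignore SSL certificate errors
# Caveat: com.sun.jndi.ldap.connect.pool only controls JNDI LDAP connection pooling;
# it does not affect TLS certificate validation.
java -Dcom.sun.jndi.ldap.connect.pool=false \
  -cp DirBuster-1.0-RC1.jar:lib/* \
  com.supeertec.headlessbrowser.HeadlessBrowser \
  -u https://example.com \
  -l wordlist.txt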

Process Management

# Start background process
dirbuster start --daemon

# Stop running process
dirbuster stop --force

# Restart with new configuration
dirbuster restart --config <file>

# Check process status
dirbuster status --verbose

# Monitor process performance
dirbuster monitor --metrics

# Kill all processes
dirbuster killall

# Show running processes
dirbuster ps

# Manage process priority
dirbuster priority --pid <pid> --level <level>

Comparison: DirBuster vs. Gobuster

| Feature | DirBuster | Gobuster |
|---|---|---|
| Language | Java | Go |
| GUI | Yes | No |
| Speed | Slower | Much faster |
| Memory | Higher | Lower |
| Recursive | Limited | Yes, excellent |
| Wordlists | Built-in options | File-based |
| HTTP Methods | GET | GET, POST, PUT, DELETE |
| Installation | Complex (Java) | Single binary |
| Best for | Manual assessment | Automated scanning |

Gobuster Alternative

# Installation
sudo apt install gobuster

# Basic directory scan
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt

# With file extensions
gobuster dir -u http://example.com -w wordlist.txt -x .php,.html,.js

# Follow redirects (-r) and match specific status codes (-s)
gobuster dir -u http://example.com -w wordlist.txt -r -s 200,301,302

# DNS subdomain enumeration
gobuster dns -d example.com -w /usr/share/wordlists/subdomains.txt

# VHOST scanning
gobuster vhost -u http://example.com -w wordlist.txt --append-domain

Creating Custom Wordlists

Generate Custom Wordlists

# Create wordlist from website content
curl -s http://example.com | tr '[:upper:]' '[:lower:]' | grep -oE '\b[a-z]+\b' | sort -u > custom_wordlist.txt

# Generate words from a specific pattern
# Example: create list of common directories
cat > custom_wordlist.txt << EOF
admin
api
backup
config
data
debug
docs
downloads
files
images
includes
lib
login
management
private
secure
server
src
static
temp
uploads
user
users
var
web
EOF

# Combine multiple wordlists
cat wordlist1.txt wordlist2.txt | sort -u > combined_wordlist.txt

# Generate permutations
for word in admin api backup; do
  echo "${word}"
  echo "${word}s"
  echo "_${word}"
  echo "${word}_"
done >> permutations.txt

Download Common Wordlists

# SecLists project
git clone https://github.com/danielmiessler/SecLists.git

# Common web directory list
curl -o directory-list-2.3-medium.txt \
  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/directory-list-2.3-medium.txt

# PHP-focused
curl -o php.txt \
  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/PHP.fuzz.txt

Practical Examples

Scan a Website

# Basic scan against target website
java -jar DirBuster-1.0-RC1.jar \
  -u http://target.com \
  -l /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

# Save results
java -jar DirBuster-1.0-RC1.jar \
  -u http://target.com \
  -l wordlist.txt \
  -o results.txt

Scan Multiple Ports

# Scan port 8080
java -jar DirBuster-1.0-RC1.jar -u http://target.com:8080 -l wordlist.txt

# Scan with protocol
java -jar DirBuster-1.0-RC1.jar -u https://target.com:8443 -l wordlist.txt

Targeted Scans

# Look for admin panels
cat > admin_wordlist.txt << EOF
admin
administrator
admin-panel
panel
management
cpanel
control-panel
dashboard
console
EOF

java -jar DirBuster-1.0-RC1.jar \
  -u http://target.com \
  -l admin_wordlist.txt \
  -r

# API endpoints
echo "api
v1
v2
rest
graphql
ajax
service
endpoint" > api_wordlist.txt

java -jar DirBuster-1.0-RC1.jar \
  -u http://target.com \
  -l api_wordlist.txt \
  -x .php,.json,.xml

Performance Optimization

Resource Management

# Set memory limit
dirbuster --max-memory 1G <command>

# Set CPU limit
dirbuster --max-cpu 2 <command>

# Enable caching
dirbuster --cache-enabled <command>

# Set cache size
dirbuster --cache-size 100M <command>

# Clear cache
dirbuster cache clear

# Show cache statistics
dirbuster cache stats

# Optimize performance
dirbuster optimize --profile <profile>

# Show performance metrics
dirbuster metrics

Parallel Processing

# Enable parallel processing
dirbuster --parallel <command>

# Set number of workers
dirbuster --workers 4 <command>

# Process in batches
dirbuster --batch-size 100 <command>

# Queue management
dirbuster queue add <item>
dirbuster queue process
dirbuster queue status
dirbuster queue clear

Integration

Scripting

#!/bin/bash
# Example script using dirbuster

set -euo pipefail

# Configuration
CONFIG_FILE="config.yaml"
LOG_FILE="dirbuster.log"

# Check if dirbuster is available
if ! command -v dirbuster &> /dev/null; then
    echo "Error: dirbuster is not installed" >&2
    exit 1
fi

# Function to log messages
log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Main operation
main() {
    log "Starting dirbuster operation"

    if dirbuster --config "$CONFIG_FILE" run; then
        log "Operation completed successfully"
        exit 0
    else
        log "Operation failed with exit code $?"
        exit 1
    fi
}

# Cleanup function
cleanup() {
    log "Cleaning up"
    dirbuster cleanup
}

# Set trap for cleanup
trap cleanup EXIT

# Run main function
main "$@"

API Integration

Environment Variables

| Variable | Description | Default |
|---|---|---|
| DIRBUSTER_CONFIG | Configuration file path | ~/.dirbuster/config.yaml |
| DIRBUSTER_HOME | Home directory | ~/.dirbuster |
| DIRBUSTER_LOG_LEVEL | Logging level | INFO |
| DIRBUSTER_LOG_FILE | Log file path | ~/.dirbuster/logs/dirbuster.log |
| DIRBUSTER_CACHE_DIR | Cache directory | ~/.dirbuster/cache |
| DIRBUSTER_DATA_DIR | Data directory | ~/.dirbuster/data |
| DIRBUSTER_TIMEOUT | Default timeout | 30s |
| DIRBUSTER_MAX_WORKERS | Maximum workers | 4 |

Configuration File

# ~/.dirbuster/config.yaml
version: "1.0"

# General settings
settings:
  debug: false
  verbose: false
  log_level: "INFO"
  log_file: "~/.dirbuster/logs/dirbuster.log"
  timeout: 30
  max_workers: 4

# Network configuration
network:
  host: "localhost"
  port: 8080
  ssl: true
  timeout: 30
  retries: 3

# Security settings
security:
  auth_required: true
  api_key: ""
  encryption: "AES256"
  verify_ssl: true

# Performance settings
performance:
  cache_enabled: true
  cache_size: "100M"
  cache_dir: "~/.dirbuster/cache"
  max_memory: "1G"

# Monitoring settings
monitoring:
  enabled: true
  interval: 60
  metrics_enabled: true
  alerts_enabled: true

Examples

Basic Workflow

# 1. Initialize dirbuster
dirbuster init

# 2. Configure basic settings
dirbuster config set port 8080

# 3. Start service
dirbuster start

# 4. Check status
dirbuster status

# 5. Perform operations
dirbuster run --target example.com

# 6. View results
dirbuster results

# 7. Stop service
dirbuster stop

Advanced Workflow

# Comprehensive operation with monitoring
dirbuster run \
  --config production.yaml \
  --parallel \
  --workers 8 \
  --verbose \
  --timeout 300 \
  --output json \
  --log-file operation.log

# Monitor in real-time
dirbuster monitor --real-time --interval 5

# Generate report
dirbuster report --type comprehensive --output report.html

Automation Example

#!/bin/bash
# Automated dirbuster workflow

# Configuration
TARGETS_FILE="targets.txt"
RESULTS_DIR="results/$(date +%Y-%m-%d)"
CONFIG_FILE="automation.yaml"

# Create results directory
mkdir -p "$RESULTS_DIR"

# Process each target
while IFS= read -r target; do
    echo "Processing $target..."

    dirbuster \
        --config "$CONFIG_FILE" \
        --output json \
        --output-file "$RESULTS_DIR/${target}.json" \
        run "$target"

done < "$TARGETS_FILE"

# Generate summary report
dirbuster report summary \
    --input "$RESULTS_DIR/*.json" \
    --output "$RESULTS_DIR/summary.html"

Best Practices

Security

  • Always verify checksums when downloading binaries
  • Use strong authentication methods (API keys, certificates)
  • Regularly update to the latest version
  • Follow principle of least privilege
  • Enable audit logging for compliance
  • Use encrypted connections when possible
  • Validate all inputs and configurations
  • Implement proper access controls
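
Seen from the defending side, the scans on this page appear in the web server access log as one client collecting 404 responses for many distinct paths. The script below is an added example, not part of the original cheat sheet or of DirBuster; it assumes the Apache/Nginx "combined" log format, and the function names, threshold and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag clients whose access-log footprint looks like
# directory brute-forcing. Matching on User-Agent is unreliable because the
# scanner can set its own (see -A above), so this counts behaviour instead.

# find_enumerators [THRESHOLD] < access.log
# Prints "ip distinct_404_paths total_requests" for every client with at
# least THRESHOLD distinct paths answered 404, most active first.
find_enumerators() {
    awk -v min="${1:-20}" '
        # combined format: ip - user [time tz] "METHOD path proto" status size ...
        {
            ip = $1; path = $7; status = $9
            sub(/\?.*/, "", path)            # ignore query strings
            total[ip]++
            if (status == 404 && !((ip, path) in seen)) {
                seen[ip, path] = 1           # count each missing path once
                misses[ip]++
            }
        }
        END {
            for (ip in misses)
                if (misses[ip] >= min) print ip, misses[ip], total[ip]
        }' | sort -k2,2nr -k1,1
}

# Constructed sample traffic: one client walking a wordlist, one normal
# visitor whose browser asks twice for a missing favicon.
sample_log() {
    n=1
    while [ "$n" -le 25 ]; do
        printf '203.0.113.7 - - [06/Jul/2025:10:00:%02d +0000] "GET /dir%d/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"\n' "$n" "$n"
        n=$((n + 1))
    done
    printf '203.0.113.7 - - [06/Jul/2025:10:00:30 +0000] "GET /admin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0"\n'
    printf '198.51.100.4 - - [06/Jul/2025:10:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"\n'
    printf '198.51.100.4 - - [06/Jul/2025:10:01:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"\n'
    printf '198.51.100.4 - - [06/Jul/2025:10:01:03 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"\n'
}

# Demo on the constructed sample with a threshold of 20 distinct 404 paths.
sample_log | find_enumerators 20
```

On real logs, run it per time window (for example one rotated log file at a time) and tune the threshold against normal traffic, since crawlers and broken links also generate 404s.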

Performance

  • Use appropriate resource limits for your environment
  • Monitor system performance regularly
  • Optimize configuration for your use case
  • Use parallel processing when beneficial
  • Implement proper caching strategies
  • Regular maintenance and cleanup
  • Profile performance bottlenecks
  • Use efficient algorithms and data structures

Operational

  • Maintain comprehensive documentation
  • Implement proper backup strategies
  • Use version control for configurations
  • Monitor and alert on critical metrics
  • Implement proper error handling
  • Use automation for repetitive tasks
  • Regular security audits and updates
  • Plan for disaster recovery

Development

  • Follow coding standards and conventions
  • Write comprehensive tests
  • Use continuous integration/deployment
  • Implement proper logging and monitoring
  • Document APIs and interfaces
  • Use version control effectively
  • Review code regularly
  • Maintain backward compatibility

Resources

  • Git - Complementary functionality
  • Docker - Alternative solution
  • Kubernetes - Integration partner

Last updated: 2025-07-06