Back when I was taking the Offensive Security course… we made a lot of use of Kali Linux’s “dirb” utility… it brute-forces the directory structure of a domain. It takes a dictionary file and requests each word in the dictionary, appended to the domain. For example:
If the domain was mydomain.xxx it would try:
- mydomain.xxx/a
- mydomain.xxx/admin
and so on. Each time dirb got a 200 OK, it listed it as a valid endpoint.
Dirgo
Dirgo was a fun project in which I tried to emulate some of this behavior and add a small twist to dirb. Where dirb looks for a valid response on a URL, I built Dirgo to let the user specify the response they are looking for.
For example, maybe you don’t care to find what reports a 200, perhaps you prefer to find what responds with a 500 server error… This is a great little utility for QA’ing a web app. Sometimes a view / endpoint is created but it doesn’t respond well when called on its own. Or you may have endpoints that just are buggy and no one reported they were going live. You could add endpoints to the dictionary, or try and find them on your own.
In my own testing with Dirgo I found several endpoints on servers at work where we have 500’s reporting, that should render fine. All found using the common.txt dictionary.
Code
Below is the code… it’s super simple. Nothing complex here.
Source: main.go in the continuousqa/dirgo repository on GitHub.
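The status-matching loop described above, written as an added example rather than Dirgo's own main.go. The scan and demo functions, the in-process test server and its /admin, /report and /old routes are constructed for illustration; redirects are deliberately not followed, so a 3xx can be the status you look for.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// scan requests base/<word> per dictionary word; returns URLs whose status equals want.
func scan(base, dictionary string, want int) []string {
	client := &http.Client{
		Timeout: 5 * time.Second,
		// Go follows redirects by default; stop so a 3xx is reported as-is.
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
	var hits []string
	for _, word := range strings.Fields(dictionary) { // one word per line
		target := base + "/" + url.PathEscape(word)
		resp, err := client.Get(target)
		if err != nil {
			continue // unreachable or timed out: not a match
		}
		resp.Body.Close()
		if resp.StatusCode == want {
			hits = append(hits, target)
		}
	}
	return hits
}

// demo scans a constructed in-process test server, not a real site.
func demo(want int) []string {
	mux := http.NewServeMux()
	mux.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	mux.HandleFunc("/report", func(w http.ResponseWriter, r *http.Request) { http.Error(w, "boom", 500) })
	mux.HandleFunc("/old", func(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/admin", 301) })
	srv := httptest.NewServer(mux)
	defer srv.Close()
	return scan(srv.URL, "a\nadmin\n\nreport\nold\n", want)
}

func main() { fmt.Println(demo(200), demo(500), demo(301)) }
```

Without the CheckRedirect hook, /old would be followed to /admin and counted as a second 200 instead of a 301.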
Future Enhancements
- I would like to make the dictionary something passed on the command line… rather than building it each time with a different dictionary.
- I also would like to figure out some gentle concurrency for this project (running sections of the dictionary file concurrently.)
- Add more of the feature set of dirb: https://tools.kali.org/web-applications/dirb