npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

dirw4lker

v1.8.2

Published

Asynchronous Web-Directories Scanner. Find hidden or not hidden directories and files on target web application.

Downloads

88

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

gr3pgr3p

Keywords

testtestingstress toolpentestingpenetrationpenetration testingscannertcphttphttpsscantoolfuzzbrutebrute forcebrute-forcesecuritycybersecurityIT-securityclicommand linedirectorydirectoriesdirectories-finderforensichackinghackwordlist

Readme

[!] Legal disclaimer: Usage of this tool for scanning targets without prior mutual consent is illegal.

dirW4lker.js

dirw4lker is an asynchronous directories/files web-sites scanner.

Implemented directly on top of TCP, improving performance avoiding headers-stripping and getting a lot of chunks from websites containing a lot of content.

It works with HTTP and HTTPS protocols and it allows to find hidden files hosted on target url using a dictionary-list.

You can use this for CTFs or to test your web applications or to automate your own multiple hosts monitoring.

Pure written in NodeJs and without dependencies.

Install with npm

npm install -g dirw4lker

or

npm i dirw4lker

HowTo

dirW4lker can used as Command Line Tool and is really simple to use.

dirw4lker --host=<TARGET_URL> --listDir=<PATH_TO_DICTIONARY_LIST>

You can omit the --listDir option to use the default list includes in this module.

The default list is not really effective, but will cover common used page names

Js API

const dirWalker = require('dirw4lker');

(async function scan() {
    const config = {
        host: 'http://testphp.vulnweb.com/',
        ext: 'php,txt,xml',
        asyncRequests: true
    };

    const result = await dirWalker.launch(config);
    console.log('\nFOUNDS:', result.founds.length, '/', result.sent);
    if (result.founds.length) {
        console.log('=>', result.founds.map((r) => (r.target)));
    }
})();

More examples in examples folder.

Config Object

The method launch need a configuration object with the follow parameters:

| Param | Type | Description | | ------ | ------------------- | ------------ | |host | String | The receiver hostname. | |[listDir]| String | Path to the dictionary-file to use. | |[list]| Array | Array of strings to use instead opening local file. | |[appendSlashAfter]| Boolean | Append / character on first loop. Default as true. | |[ext]| String/Array | The extra extensions name to combine with the hostname. ex: 'php,txt' or '.php,.txt' | |[dns]| String | Used dns to resolve hostname. You can use multiple dns splitting with ,. (Ex: '8.8.8.8,8.8.4.4') THIS OPTION WILL BE IGNORED IF PROXY IS USED | |[proxy]| String | The used proxy. The form must be the follow (Ex: http://proxyIp:proxyPort). | |[ignoreResponseWith]| String | The string to ignore on response received. If response contains given parameter, then will be ignored.| |[asyncRequests]| Boolean | Starting attack in async way. As Default false.| |[maxConcurrency]| Number | The maximal number of sent parallel asynchronous requests (only if asyncRequests is true). As default 100.| |[verbose]| Boolean | Activate verbose. As default false. THIS OPTION WILL BE IGNORED ON CLI |

@returns

| Type | Description | | ------------------- | ------------ | | Promise<Array> | The found results. {sent:Number, founds:[{target:host:port/foundPage, response:String, ms:Number}, ...]} |

CLI: Quickstart

npm install -g dirw4lker
dirw4lker --host=http://testphp.vulnweb.com --asyncRequests

Output:

    .___.__        __      __  _____ .__   __                         __        
  __| _/|__|______/  \    /  \/  |  ||  | |  | __ ___________        |__| ______
 / __ | |  \_  __ \   \/\/   /   |  ||  | |  |/ // __ \_  __ \       |  |/  ___/
/ /_/ | |  ||  | \/\        /    ^   /  |_|    <\  ___/|  | \/       |  |\___ \ 
\____ | |__||__|    \__/\  /\____   ||____/__|_ \\___  >__|    /\/\__|  /____  >
     \/                  \/      |__|          \/    \/        \/\______|    \/ 

                                                                        by Gr3p


[!] Legal disclaimer: Usage of this tool for scanning targets without prior mutual consent is illegal.


┌───────────────┬──────────────────────────────┐
│    (index)    │            Values            │
├───────────────┼──────────────────────────────┤
│     host      │ 'http://testphp.vulnweb.com' │
│ asyncRequests │             true             │
└───────────────┴──────────────────────────────┘

--listDir parameter is not used or empty. Using default list will not be really effective!


(1) [ 2020-03-27T20:22:13.098Z ] http://testphp.vulnweb.com/images/ => HTTP/1.1 200 OK
(2) [ 2020-03-27T20:22:13.115Z ] http://testphp.vulnweb.com/cgi-bin/ => HTTP/1.1 403 Forbidden
(3) [ 2020-03-27T20:22:13.156Z ] http://testphp.vulnweb.com/Templates/ => HTTP/1.1 200 OK
(4) [ 2020-03-27T20:22:13.234Z ] http://testphp.vulnweb.com/admin/ => HTTP/1.1 200 OK
(5) [ 2020-03-27T20:22:13.258Z ] http://testphp.vulnweb.com/Flash/ => HTTP/1.1 200 OK
(6) [ 2020-03-27T20:22:13.270Z ] http://testphp.vulnweb.com/AJAX/ => HTTP/1.1 200 OK
(7) [ 2020-03-27T20:22:13.288Z ] http://testphp.vulnweb.com/hpp/ => HTTP/1.1 200 OK
(8) [ 2020-03-27T20:22:13.294Z ] http://testphp.vulnweb.com/CVS/ => HTTP/1.1 200 OK
(9) [ 2020-03-27T20:22:13.347Z ] http://testphp.vulnweb.com/secured/ => HTTP/1.1 200 OK

FOUNDS: 9 / 184
Time: 458.629ms

Compared to sync way => Time: 13308.580ms

The CLI accept same parameters as API-Module.

Using proxy

It may happen to test a web application with the need to use a proxy to access it. For this reason, the ability to encapsulate requests behind a proxy has been implemented. It works with HTTP & HTTPS targets as well.

This mode can be used with proxies working with HTTP Tunnel mechanism.

dirw4lker --host=http://example.com --proxy=http://127.0.0.1:9080

[!] Proxy must be written like url.

Examples

You can use your own list with the option --listDir

dirw4lker --host=http://example.com --listDir=/tmp/directory.txt

The option --ext can used to combine the string on list with file-extensions. Use , for multiple extensions.

dirw4lker --host=http://example.com --ext=php,txt,html

dirW4lker will use your local-dns to resolve hostname as default. But you can change this with the option --dns. Use , for multiple dns servers.

dirw4lker --host=http://example.com --listDir=/tmp/directory.txt --dns=8.8.8.8

To ignore response with custom string, use the option --ignoreResponseWith=<stringToIgnore> For example, ignoring all responses containing code 301.

dirw4lker --host=http://example.com --listDir=/tmp/directory.txt --ignoreResponseWith=301

Special Thanks

Inspired by dirBuster.

Updates

Issues & Bug-Reports are welcome

  • [2020.04] @1.8.x Add maxConcurrency to avoid problem on other platforms (ex: win10).
  • [2020.03] @1.7.x Bug Fixing & Code Refactor.
  • [2020.03] @1.7.x implemented list option to use custom array.
  • [2020.03] @1.6.4 Fixed problem using proxy to http-targets
  • [2020.03] Moved repository to https://github.com/gr3p1p3/dirw4lker
  • [2020.03] @1.6.x --proxy option works on https-Targets too.
  • [2020.03] @1.5.x --proxy option is now implemented. It will only work on http-Targets.
  • [2020.03] Improved a lot of performance.
  • [2020.03] @1.4.4 --asyncRequests option is now stable.
  • [2020.03] @1.4.x Implemented --asyncRequests: possibility to start a scan in an async way.
  • [2020.03] @1.3.x Implemented new option --ignoreResponseWith.
  • [2020.02] @1.2.x Removed option --limit. This will be ignored.