dirb_scan
Scan web directories and files using customizable wordlists and extensions to identify hidden endpoints and potential vulnerabilities during security assessments.
Instructions
Execute DIRB directory scanner with enhanced logging.
Args: url: Target URL wordlist: Wordlist file path extensions: File extensions to test recursive: Enable recursive scanning ignore_case: Ignore case sensitivity interactive: Interactive mode additional_args: Additional DIRB arguments
Returns: Directory scanning results
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| additional_args | No | ||
| extensions | No | ||
| ignore_case | No | ||
| interactive | No | ||
| recursive | No | ||
| url | Yes | ||
| wordlist | No | /usr/share/wordlists/dirb/common.txt |
Implementation Reference
- src/mcp_server/app.py:596-637 (handler)Primary MCP handler for 'dirb_scan' tool. Thin wrapper that proxies parameters to the backend REST API endpoint '/api/dirb' and returns results with logging.
def dirb_scan( url: str, wordlist: str = "/usr/share/wordlists/dirb/common.txt", extensions: str = "", recursive: bool = False, ignore_case: bool = False, interactive: bool = False, additional_args: str = "", ) -> dict[str, Any]: """Execute DIRB directory scanner with enhanced logging. Args: url: Target URL wordlist: Wordlist file path extensions: File extensions to test recursive: Enable recursive scanning ignore_case: Ignore case sensitivity interactive: Interactive mode additional_args: Additional DIRB arguments Returns: Directory scanning results """ data = { "url": url, "wordlist": wordlist, "extensions": extensions, "recursive": recursive, "ignore_case": ignore_case, "interactive": interactive, "additional_args": additional_args, } logger.info(f"๐ Starting DIRB directory scan on {url}") result = api_client.safe_post("api/dirb", data) if result.get("success"): logger.info(f"โ DIRB scan completed on {url}") else: logger.error("โ DIRB scan failed") return result - Backend REST API handler for dirb tool execution. Orchestrates parameter extraction, command building, execution, and result parsing. Registered via @tool decorator as '/api/tools/dirb'.
@tool(required_fields=["target"]) def execute_dirb(): """Execute DIRB directory scanner.""" data = request.get_json() params = extract_dirb_params(data) logger.info(f"Executing DIRB scan on {params['url']}") started_at = datetime.now() command_parts = build_dirb_command(params) execution_result = execute_dirb_command_secure( command_parts, timeout=params["timeout"] ) ended_at = datetime.now() return parse_dirb_result( execution_result, params, command_parts, started_at, ended_at ) - Helper function to parse DIRB stdout output and extract structured findings (endpoints) with standardized format.
def parse_dirb_output(stdout: str) -> list[dict[str, Any]]: """Parse dirb output into findings.""" findings = [] if not stdout.strip(): return findings lines = stdout.splitlines() for line in lines: line = line.strip() if not line or line.startswith("----") or "Scanning URL" in line: continue if line.startswith("+"): original_line = line target_line = line.strip("+").strip() if target_line.startswith("http"): # Extract clean target URL if " (" in target_line: target = target_line.split(" (")[0].strip() else: target = target_line finding = { "type": "endpoint", "target": target, "evidence": { "raw_output": original_line, "discovered_by": "dirb", }, "severity": "info", "confidence": "medium", "tags": ["dirb", "directory-enum"], "raw_ref": target_line, } findings.append(finding) elif line.startswith(("-", "*")): continue return findings - Helper function to construct the secure subprocess command list for DIRB based on input parameters.
def build_dirb_command(params: dict) -> list[str]: """Build dirb command from parameters.""" cmd_parts = ["dirb", params["url"]] cmd_parts.append(params["wordlist"]) if params["extensions"]: cmd_parts.extend(["-X", params["extensions"]]) if params["recursive"]: cmd_parts.append("-r") if params["ignore_case"]: cmd_parts.append("-z") cmd_parts.append("-N") if params["user_agent"]: cmd_parts.extend(["-a", params["user_agent"]]) if params["headers"]: cmd_parts.extend(["-H", params["headers"]]) if params["cookies"]: cmd_parts.extend(["-c", params["cookies"]]) if params["proxy"]: cmd_parts.extend(["-p", params["proxy"]]) if params["auth"]: cmd_parts.extend(["-u", params["auth"]]) if params["delay"]: cmd_parts.extend(["-l", str(params["delay"])]) return cmd_parts - Helper function to format the DIRB execution result into the unified API response schema with timings, stats, and findings.
def parse_dirb_result( execution_result: dict, params: dict, command: list[str], started_at: datetime, ended_at: datetime, ) -> dict[str, Any]: """Parse dirb execution result and format response.""" duration_ms = int((ended_at - started_at).total_seconds() * 1000) if not execution_result["success"]: return { "success": False, "tool": "dirb", "params": params, "started_at": started_at.isoformat(), "ended_at": ended_at.isoformat(), "duration_ms": duration_ms, "error": execution_result.get("stderr", "Command execution failed"), "findings": [], "stats": {"findings": 0, "dupes": 0, "payload_bytes": 0}, } stdout = execution_result.get("stdout", "") with open("/tmp/dirb_raw_output.log", "w") as f: f.write(stdout) logger.info("Dirb raw stdout logged") findings = parse_dirb_output(stdout) payload_bytes = len(stdout.encode("utf-8")) return { "success": True, "tool": "dirb", "target": params["url"], "command": " ".join(command), "started_at": started_at.isoformat(), "ended_at": ended_at.isoformat(), "duration_ms": duration_ms, "findings": findings, "stats": { "findings": len(findings), "dupes": 0, "payload_bytes": payload_bytes, }, "stdout": execution_result["stdout"], "stderr": execution_result["stderr"], "return_code": execution_result["return_code"], "parameters": { "url": params["url"], "wordlist": params["wordlist"], "extensions": params["extensions"], "recursive": params["recursive"], "ignore_case": params["ignore_case"], "user_agent": params["user_agent"], "headers": params["headers"], "cookies": params["cookies"], "proxy": params["proxy"], "auth": params["auth"], "delay": params["delay"], }, }