Bug Bounty MCP Server

dirb_scan

Scan web directories and files using customizable wordlists and extensions to identify hidden endpoints and potential vulnerabilities during security assessments.

Instructions

Execute DIRB directory scanner with enhanced logging.

Args: url: Target URL wordlist: Wordlist file path extensions: File extensions to test recursive: Enable recursive scanning ignore_case: Ignore case sensitivity interactive: Interactive mode additional_args: Additional DIRB arguments

Returns: Directory scanning results

Input Schema

TableJSON Schema

Name	Required	Default
`additional_args`	No
`extensions`	No
`ignore_case`	No
`interactive`	No
`recursive`	No
`url`	Yes
`wordlist`	No	/usr/share/wordlists/dirb/common.txt

Output Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/mcp_server/app.py:596-637 (handler)

Primary MCP handler for 'dirb_scan' tool. Thin wrapper that proxies parameters to the backend REST API endpoint '/api/dirb' and returns results with logging.

def dirb_scan(
    url: str,
    wordlist: str = "/usr/share/wordlists/dirb/common.txt",
    extensions: str = "",
    recursive: bool = False,
    ignore_case: bool = False,
    interactive: bool = False,
    additional_args: str = "",
) -> dict[str, Any]:
    """Execute DIRB directory scanner with enhanced logging.

    Args:
        url: Target URL
        wordlist: Wordlist file path
        extensions: File extensions to test
        recursive: Enable recursive scanning
        ignore_case: Ignore case sensitivity
        interactive: Interactive mode
        additional_args: Additional DIRB arguments

    Returns:
        Directory scanning results
    """
    data = {
        "url": url,
        "wordlist": wordlist,
        "extensions": extensions,
        "recursive": recursive,
        "ignore_case": ignore_case,
        "interactive": interactive,
        "additional_args": additional_args,
    }

    logger.info(f"📁 Starting DIRB directory scan on {url}")
    result = api_client.safe_post("api/dirb", data)

    if result.get("success"):
        logger.info(f"✅ DIRB scan completed on {url}")
    else:
        logger.error("❌ DIRB scan failed")

    return result

src/rest_api_server/tools/dirb/dirb.py:224-242 (handler)

Backend REST API handler for dirb tool execution. Orchestrates parameter extraction, command building, execution, and result parsing. Registered via @tool decorator as '/api/tools/dirb'.

@tool(required_fields=["target"])
def execute_dirb():
    """Execute DIRB directory scanner."""
    data = request.get_json()
    params = extract_dirb_params(data)

    logger.info(f"Executing DIRB scan on {params['url']}")

    started_at = datetime.now()
    command_parts = build_dirb_command(params)
    execution_result = execute_dirb_command_secure(
        command_parts, timeout=params["timeout"]
    )
    ended_at = datetime.now()

    return parse_dirb_result(
        execution_result, params, command_parts, started_at, ended_at
    )

src/rest_api_server/tools/dirb/dirb.py:119-159 (helper)

Helper function to parse DIRB stdout output and extract structured findings (endpoints) with standardized format.

def parse_dirb_output(stdout: str) -> list[dict[str, Any]]:
    """Parse dirb output into findings."""
    findings = []

    if not stdout.strip():
        return findings

    lines = stdout.splitlines()

    for line in lines:
        line = line.strip()
        if not line or line.startswith("----") or "Scanning URL" in line:
            continue

        if line.startswith("+"):
            original_line = line
            target_line = line.strip("+").strip()
            if target_line.startswith("http"):
                # Extract clean target URL
                if " (" in target_line:
                    target = target_line.split(" (")[0].strip()
                else:
                    target = target_line
                finding = {
                    "type": "endpoint",
                    "target": target,
                    "evidence": {
                        "raw_output": original_line,
                        "discovered_by": "dirb",
                    },
                    "severity": "info",
                    "confidence": "medium",
                    "tags": ["dirb", "directory-enum"],
                    "raw_ref": target_line,
                }
                findings.append(finding)
        elif line.startswith(("-", "*")):
            continue

    return findings

src/rest_api_server/tools/dirb/dirb.py:38-73 (helper)

Helper function to construct the secure subprocess command list for DIRB based on input parameters.

def build_dirb_command(params: dict) -> list[str]:
    """Build dirb command from parameters."""
    cmd_parts = ["dirb", params["url"]]

    cmd_parts.append(params["wordlist"])

    if params["extensions"]:
        cmd_parts.extend(["-X", params["extensions"]])

    if params["recursive"]:
        cmd_parts.append("-r")

    if params["ignore_case"]:
        cmd_parts.append("-z")

    cmd_parts.append("-N")

    if params["user_agent"]:
        cmd_parts.extend(["-a", params["user_agent"]])

    if params["headers"]:
        cmd_parts.extend(["-H", params["headers"]])

    if params["cookies"]:
        cmd_parts.extend(["-c", params["cookies"]])

    if params["proxy"]:
        cmd_parts.extend(["-p", params["proxy"]])

    if params["auth"]:
        cmd_parts.extend(["-u", params["auth"]])

    if params["delay"]:
        cmd_parts.extend(["-l", str(params["delay"])])

    return cmd_parts

src/rest_api_server/tools/dirb/dirb.py:161-222 (helper)

Helper function to format the DIRB execution result into the unified API response schema with timings, stats, and findings.

def parse_dirb_result(
    execution_result: dict,
    params: dict,
    command: list[str],
    started_at: datetime,
    ended_at: datetime,
) -> dict[str, Any]:
    """Parse dirb execution result and format response."""
    duration_ms = int((ended_at - started_at).total_seconds() * 1000)

    if not execution_result["success"]:
        return {
            "success": False,
            "tool": "dirb",
            "params": params,
            "started_at": started_at.isoformat(),
            "ended_at": ended_at.isoformat(),
            "duration_ms": duration_ms,
            "error": execution_result.get("stderr", "Command execution failed"),
            "findings": [],
            "stats": {"findings": 0, "dupes": 0, "payload_bytes": 0},
        }

    stdout = execution_result.get("stdout", "")
    with open("/tmp/dirb_raw_output.log", "w") as f:
        f.write(stdout)
    logger.info("Dirb raw stdout logged")
    findings = parse_dirb_output(stdout)
    payload_bytes = len(stdout.encode("utf-8"))

    return {
        "success": True,
        "tool": "dirb",
        "target": params["url"],
        "command": " ".join(command),
        "started_at": started_at.isoformat(),
        "ended_at": ended_at.isoformat(),
        "duration_ms": duration_ms,
        "findings": findings,
        "stats": {
            "findings": len(findings),
            "dupes": 0,
            "payload_bytes": payload_bytes,
        },
        "stdout": execution_result["stdout"],
        "stderr": execution_result["stderr"],
        "return_code": execution_result["return_code"],
        "parameters": {
            "url": params["url"],
            "wordlist": params["wordlist"],
            "extensions": params["extensions"],
            "recursive": params["recursive"],
            "ignore_case": params["ignore_case"],
            "user_agent": params["user_agent"],
            "headers": params["headers"],
            "cookies": params["cookies"],
            "proxy": params["proxy"],
            "auth": params["auth"],
            "delay": params["delay"],
        },
    }

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions 'enhanced logging' but doesn't explain what this entails (e.g., log format, output location). It lacks details on execution behavior such as rate limits, timeouts, permissions needed, or whether it's a read-only or potentially intrusive scan. For a security scanning tool, this is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with a clear purpose statement followed by Args and Returns sections. It's front-loaded with the main action. However, the parameter explanations are very brief and could be more informative without sacrificing conciseness, and the 'enhanced logging' detail is vague.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a 7-parameter security scanning tool with no annotations, the description is moderately complete. It covers the purpose and parameters superficially, and an output schema exists (implied by 'Returns: Directory scanning results'), so return values don't need explanation. However, it lacks critical behavioral context (e.g., safety, performance) and usage guidelines, making it inadequate for fully informed tool invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description lists all 7 parameters with brief explanations, but schema description coverage is 0%, so the schema provides no additional details. The descriptions are minimal (e.g., 'Target URL', 'Wordlist file path') and don't add much semantic value beyond what the parameter names imply. For example, it doesn't specify format for 'extensions' or what 'interactive mode' entails. This partially compensates for the schema gap but remains basic.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Execute DIRB directory scanner with enhanced logging.' It specifies the verb ('execute') and resource ('DIRB directory scanner'), making it understandable. However, it doesn't explicitly differentiate from sibling tools like dirsearch_scan or feroxbuster_scan, which likely perform similar directory scanning functions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With many sibling tools for scanning (e.g., dirsearch_scan, feroxbuster_scan, gobuster_scan), there's no indication of scenarios where DIRB is preferred, prerequisites, or exclusions. This leaves the agent without context for tool selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SlanyCukr/bugbounty-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server