DIRB Web Content Scanner v2.03 released

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web
Objects. It basically works by launching a dictionary-based attack against
a web server and analyzing the response.
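
From the defender's side, the dictionary-based requests described above show up in access logs as one client asking for many distinct paths that mostly do not exist. The following is an added example, not DIRB code: the combined log format, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined/common log format: ip, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_content_scanners(log_text, min_paths=8, min_miss_ratio=0.8, miss_codes=(404,)):
    """Return {client_ip: (distinct_paths, miss_ratio)} for clients whose
    requests look like wordlist-driven content discovery.

    miss_codes is configurable because a site may answer unknown paths
    with something other than 404 (for example a redirect)."""
    paths = defaultdict(set)
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not GET/HEAD requests in this format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        paths[ip].add(target.split("?", 1)[0])  # ignore query strings
        total[ip] += 1
        if status in miss_codes:
            misses[ip] += 1
    flagged = {}
    for ip, count in total.items():
        ratio = misses[ip] / count
        # Both signals are required: breadth of paths AND a high miss ratio.
        if len(paths[ip]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = (len(paths[ip]), round(ratio, 2))
    return flagged

def _line(ip, path, status):
    # Helper that builds one constructed log line (not real traffic).
    return f'{ip} - - [10/Oct/2023:13:55:01 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "-"'

# Constructed sample: one client walking a wordlist, one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/{w}", 404)
     for w in ("admin", "backup", "cgi-bin", "old", "test", "tmp", "private", "logs", "db")]
    + [_line("203.0.113.7", "/images", 301)]
    + [_line("198.51.100.20", p, 200)
       for p in ("/", "/news", "/about", "/contact", "/products", "/login", "/search")]
    + [_line("198.51.100.20", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, (n, ratio) in find_content_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct paths, {ratio:.0%} misses")
```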

DIRB comes with a set of preconfigured attack wordlists for easy usage, but
you can use your own custom wordlists. DIRB can also sometimes be used as a
classic CGI scanner, but remember it is a content scanner, not a vulnerability
scanner.

DIRB's main purpose is to help in professional web application auditing,
especially in security-related testing. It covers some holes not covered by
classic web vulnerability scanners. DIRB looks for specific web objects that
other generic CGI scanners can’t look for. It doesn’t search for vulnerabilities,
nor does it look for web contents that can be vulnerable.

Changes for v2.03:

  • CLEAN: improved some wordlists
  • BUG: detection of 301/302 with -f sometimes failed with recursion
  • FEATURE: the -N option, instead of setting the NEC, now makes us ignore responses with that code
  • CLEAN: removed and modified several items in the help menu
  • CLEAN: improved the returned-code analysis functions in lanza_ataque()
  • CLEAN: reviewed the location_clean() function
  • CLEAN: removed unnecessary checks in if()s

DIRB is NOT a Web Vulnerability Scanner. It does not look for bugs, but it is
designed to help in web vulnerability assessment.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

