Repository files navigation

an async webpath scanner based onasyhttp.

To install simply cone the repository and install the requirements.

$ git clone git@github.com:pyno/dirfy.git$cd dirfy$ pip3 install -r dependencies.txt

Simple usage:

$ python3 dirfy.py -u http://url.to.test

get help:

$ python3 dirfy.py -h

Main features of dirfy:

• cmdline
• Asynchronous HTTP(S)
• Proxy support (-p)
• Extensions search (-e)
• Configurable path dictionary (-d)
• Configurable speed (-c)
• Configurable redirection behaviour (-r)
• Support for false positives detection (-f)
• Request logging (-n to disalbe)
• Custom headers (-H)

Some typicall advanced usages includes the false positives exclusions. Dirfy detects the presence of a page by looking at the HTTP return code: 200 means we found something. Oftentimes, especially when following redirects, this leads to false positives:

HTTP/1.1 200 OKContent-Length: 57Content-Type: text/htmlConnection: Closed<html><body>Resource not found</body></hmtml>

HTTP/1.1 200 OKContent-Length: 57Content-Type: text/htmlConnection: Closed<html><body>Please log-in...</body></hmtml>

To exclude such responses from results, just include in the filefalse_pos.txt

Resource not foundPlease log-in

and invoke dirfy as follow:

$ python3 dirfy.py -u http://url.to.test -f false_pos.txt

Note that each line of the file is treated as an indicator of a false positive.

Dirfy logs each request made in a file named log.txt. To disable logging, just run it with-n option.