A simple Python tool to brute-force directories on a target website using a customizable wordlist.
This script allows penetration testers and bug bounty hunters to check for hidden or unlinked directories on a target web server.
-
Clone the repository:
git clone https://github.com/Vigil5153/Directory-Brute-Forcer.git
-
Install the required dependencies: This script requires
requeststo be installed. You can install it using:pip install requests
Alternatively, install all dependencies from the
requirements.txtfile:pip install -r requirements.txt
-
Run the script: Run the script and provide the target URL and a wordlist (or use the default wordlist included in the repo):
python brute_force.py
-
Example Usage:
Enter the target URL (e.g., http://example.com): http://testphp.vulnweb.com Enter the path to your wordlist (default: wordlist.txt): wordlist2.txt - Or leave blank to use wordlist.txt
The tool comes with a default wordlist (wordlist.txt) which contains common directory names. You can modify this file or provide your own wordlist. Make sure each directory name is on a new line. Example entries:
admin
login
dashboard
images
etc..
Simply edit the wordlist.txt file to suit your needs or point the tool to another wordlist file.
You can find the default wordlist here.
Starting directory brute force on: http://example.com
[+] Scan complete! Found directories:
[+] http://example.com/admin
[+] http://example.com/login
[-] No directories found or directories are hidden.- Make sure you have permission before testing any web servers.
- Use responsibly and ethically.
- Pull Requests: Feel free to open a pull request if you want to contribute improvements, features, or fixes.
- Issues: Open an issue if you find bugs or want to request new features.
- Updates: This tool will be updated periodically. Stay tuned for new features and improvements.
This project is licensed under the MIT License - see the LICENSE file for details.