godirb is a fast recursive directory/file brute-forcer written in Go.
It is for the moments where you want a modern dirb-like tool: run it, get useful results, tune the obvious flags, and avoid dragging a full fuzzing framework into a simple job.
DirSearch is a mature web path scanner. godirb is smaller on purpose.
| Feature | godirb | DirSearch |
|---|---|---|
| Find files and folders | ✅ | ✅ |
| Recursive scan | ✅ | ✅ |
| Use custom wordlists | ✅ | ✅ |
| Made in Go | ✅ | ❌ |
| Works as a single binary | ✅ | ❌ |
| Baseline filter with heuristics | ✅ | ❌ |
| Embedded wordlists as Go slices | ✅ | ❌ |
Default embedded medium wordlist |
✅ | ❌ |
| Basic scan without runtime wordlist files | ✅ | ❌ |
Port fuzzing: http://host:FUZZ |
✅ | ❌ |
- Embedded wordlists:
small,common,medium,big,ports,payloads,xss,lfi - Default wordlist:
medium - Recursive mode with
-r, --recursive - Extensions with
-x, --ext - Threads with
-t, --threads(default:15) - Ignore status codes with
-i, --ignore(default:404,400,405,408) - Wildcard detection for directory scans
- Text, quiet text, JSON, CSV and file output
go install github.com/MyCode83/godirb@latestOr download a binary from Releases, or build it:
git clone https://github.com/MyCode83/godirb.git
cd godirb
go build -o godirb .godirb -u http://localhost
godirb -u http://localhost -r
godirb -u http://localhost -w ./paths.txt
godirb -u http://localhost -t 30
godirb -u http://localhost -i 404,403,500
godirb -u http://localhost -x php,txt,bakFUZZ in the URL switches to placeholder mode:
godirb -u "http://localhost/search?q=FUZZ" -w payloads
godirb -u http://localhost:FUZZ[DIR] http://localhost/admin ---> 200 | 1234
godirb -u http://localhost --json -o results.json
godirb -u http://localhost --csv -o results.csv
godirb -u http://localhost -qUse godirb only for authorized testing, labs and CTFs. You are responsible for having permission to scan a target.
MIT. See LICENSE.