DIRB alternatives

Looking for an alternative tool to replace DIRB? During the review of DIRB we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. Wappalyzer (discovery of technology stack)
  2. RTA (vulnerability scanner)
  3. wig (reconnaissance tool for web applications)

These tools are ranked as the best alternatives to DIRB.

Alternatives (by score)

100

Wappalyzer

Introduction

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page.

Project details

Wappalyzer is written in Node.js.

Strengths and weaknesses

  • + Has 300+ contributors
  • + More than 3000 GitHub stars

    Typical usage

    • Information gathering
    • Reconnaissance

    Wappalyzer review

    64

    RTA (Red Team Arsenal)

    Introduction

    RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.

    With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.

    Project details

    RTA is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Information gathering
    • Penetration testing
    • Security assessment
    • System enumeration

    RTA review

    60

    wig (WebApp Information Gatherer)

    Introduction

    Tools like wig are used to discover what particular software is used to power a web application.

    Project details

    wig is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No updates for a while
    • - Full name of author is unknown

    wig review

    64

    Th3inspector

    Introduction

    This tool can be called a true 'inspector tool' as it helps to discover many types of data.

    • Website information
    • Domain and subdomain information
    • Mail server information and email
    • Phone details
    • IP addresses
    • Detection of used CMS

    Project details

    Th3inspector is written in Perl.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Discovery of sensitive information
    • Information gathering

    Th3inspector review

    60

    dirsearch

    Introduction

    Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

    Project details

    dirsearch is written in Python.

    Strengths and weaknesses

    • + More than 10 contributors
    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Information gathering
      • Penetration testing
      • Security assessment

      dirsearch review

      64

      DirSearch (Go)

      Introduction

      DirSearch is a Go implementation of the original dirsearch tool written by Mauro Soria. It is used to discover directories by using common names and guessing (fuzzing).

      Project details

      DirSearch (Go) is written in Golang.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Information gathering
        • Penetration testing
        • Security assessment

        DirSearch (Go) review

        64

        weblocator

        Introduction

        The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

        Project details

        weblocator is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Information gathering
          • Penetration testing
          • Security assessment

          weblocator review

          Some relevant tool missing as an alternative to DIRB? Please contact us with your suggestion.