Fast, modern recursive directory and file brute-forcer written in Go.
Built for quick scans where you want a modern dirb-like tool: run it, get useful results, tune the obvious flags, and avoid dragging a full fuzzing framework into a simple job.
go install github.com/MyCode83/godirb@latestDownload the latest release for your platform from the
Releases page and add it to your PATH.
Basic scan
godirb -u https://example.comRecursive
godirb -u https://example.com -rCustom wordlist
godirb -u https://example.com -w paths.txtJSON output
godirb -u https://example.com --json -o results.jsongodirb is designed for the common case: you want to enumerate directories and files quickly, without configuring a large fuzzing framework.
- β‘ Fast native Go binary
- π¦ Single executable
- π Embedded wordlists
- π Recursive scanning
- π Directory and file discovery
- π― Wildcard detection
- π Port fuzzing (
http://host:FUZZ) - π JSON & CSV output
- π§© Simple CLI
DirSearch is a mature and feature-rich web path scanner.
godirb intentionally focuses on the most common workflow: install, run and get useful results with minimal setup.
| Feature | godirb | DirSearch |
|---|---|---|
| Find files and folders | β | β |
| Recursive scan | β | β |
| Custom wordlists | β | β |
| Written in Go | β | β |
| Single binary | β | β |
| Embedded default wordlists | β | β |
| Works without runtime wordlist files | β | β |
Port fuzzing (http://host:FUZZ) |
β | β |
- Directory and file brute-forcing
- Recursive mode (
-r,--recursive) - Extensions (
-x,--ext) - Custom wordlists (
-w,--wordlist) - FUZZ placeholder mode
- small
- common
- medium (default)
- big
- ports
- payloads
- xss
- lfi
- Standard text
- Quiet mode
- JSON
- CSV
- File output
- Threads (
-t,--threads) - Ignore status codes (
-i,--ignore) - Default ignored codes:
404,400,405,408 - Wildcard detection
Basic scan
godirb -u https://example.comRecursive
godirb -u https://example.com -rCustom wordlist
godirb -u https://example.com -w paths.txtExtensions
godirb -u https://example.com -x php,txt,bakFUZZ parameter
godirb -u "https://example.com/search?q=FUZZ" -w payloadsPort fuzzing
godirb -u https://example.com:FUZZExport JSON
godirb -u https://example.com --json -o results.jsonExport CSV
godirb -u https://example.com --csv -o results.csv[DIR] https://example.com/admin ---> 200 | 1234
[FILE] https://example.com/login.php ---> 200 | 842
[DIR] https://example.com/uploads ---> 403 | 795
π Embedded wordlists
| Name | Purpose |
|---|---|
| small | Tiny scans |
| common | common.txt from SecLists |
| medium | Default |
| big | Larger enumeration |
| ports | Port fuzzing |
| payloads | Generic payloads |
| xss | XSS payloads |
| lfi | LFI payloads |
Use godirb only for authorized security testing, labs and CTFs.
You are responsible for obtaining permission before scanning any target.
Licensed under the MIT License. See LICENSE for details.