DIRX2/dirx at main · TrabbitOne/DIRX2 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# ******************************************************************
# | WARNING: This Tool Is Made For Pentesters And Ethical Purposes |
# ******************************************************************
#!/bin/bash

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Youtube: TrabbitOne
# BuyMeACoffee: trabbit0ne

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# clear the terminal screen
clear

# Add the tool to system /bin
if [[ "$(uname -o 2>/dev/null)" != "Android" && "$(uname)" == "Linux" ]]; then
    sudo cp dirx /bin/
fi

# Create directory for wordlist if it doesn't exist
if [ ! -d /usr/share/ ]; then
    sudo mkdir -p /usr/share/
    sudo cp wordlist.txt /usr/share/
fi

# clear the terminal screen
clear

# Set up a trap to handle the INT signal (usually Ctrl+C)
trap handle_interrupt INT

function handle_interrupt {
    echo -e "\n{>=============================================<}"
    echo -e "                      ENDED                      "
    echo -e "{>=============================================<}"
    exit
}

# clear the terminal screen
clear

# Function to parse allowed response codes
function parse_response_codes() {
    IFS=',' read -ra ADDR <<< "$1"
    for i in "${ADDR[@]}"; do
        if [[ "$i" == *-* ]]; then
            allowed_response_ranges+=("$i")
            range=(${i//-/ })
            for ((j=${range[0]}; j<=${range[1]}; j++)); do
                allowed_responses+=("$j")
            done
        else
            allowed_responses+=("$i")
        fi
    done
}

function find_directories() {
    local url=$1             # target url for the scan
    local wordlist_file=$2   # used wordlist for the scan

    while IFS= read -r directory; do
        target_url="$url/$directory/"
        response=$(curl -s -o /dev/null -w "%{http_code}" "$target_url")

        if [[ " ${allowed_responses[*]} " == *" $response "* ]]; then
            case $response in
                200) # http response 200 mean valid/found http response
                    echo -e "[+] [ \e[42mFound\e[0m ]: /$directory/ (+)> [\e[32m200\e[0m]"
                    echo -e " ╘═URL => $target_url "
                    ;;
                403) # http response 403 mean that user dont have access to the file/directory
                    echo -e "[+] [ \e[36mForbidden\e[0m ]: /$directory/ (-)> 403"
                    echo " ╘═URL => $target_url "
                    ;;
                404) # http response 404 mean invalid/not-found http response
                    echo -e "[+] [ \e[41mNot Found\e[0m ]: /$directory/ (-)> 404"
                    echo " ╘═URL => $target_url "
                    ;;
                *) # http response (else), e.g., (301,302,401,402,405,...)
                    echo -e "[-] [ \e[37mUnexpected Status Code\e[0m ]: /$directory/ (?)> $response"
                    echo " ╘═URL => $target_url "
                    ;;
            esac
        fi
    done < "$wordlist_file"
}

# Initialize variables
allowed_responses=()        # variable for individual -ar argument value
allowed_response_ranges=()  # variable for ranged -ar argument value
found_only=false            # return 200 http response code only
target_url=""               # target url for scans made by user
wordlist_path=""            # wordlist used by the user (default: wordlist.txt)
ar_flag_set=false           # set the -ar argument at false by default
ar_flag_value=""            # set the -ar ergument value at empty  by default

# Read command line arguments
while getopts 'u:w:f:a:v' flag; do
    case "${flag}" in
        u) target_url="${OPTARG}" ;;
        w) wordlist_path="${OPTARG}" ;;
        f) found_only=true ;;
        a) parse_response_codes "${OPTARG}"; ar_flag_set=true; ar_flag_value="${OPTARG}" ;;
        v) version="2.2" && echo "Version: $version" && exit ;;
        *) echo "Invalid option: ${flag}" ;;
    esac
done

# Check if required options are provided
if [[ -z "$target_url" || -z "$wordlist_path" ]]; then
    clear
    echo
    echo -e "[\033[45;1m DIRX ~ RAPS \e[0m]"
    echo "Developed by Trabbit"
    echo "----------------------"
    echo -e "Usage: ./dirx -u <\033[38;5;202mtarget_url\e[0m> -w <\033[38;5;202mwordlist_path\e[0m> [\e[36m-f\e[0m] [\e[36m-v\e[0m] [-a <allowed_responses>]"
    echo "------------------------------------------------"
    echo " -u (URL)"
    echo " -w (Wordlist file/path)"
    echo " -f (Show only found directories)"
    echo " -v (Print version)"
    echo " -a (Allowed response codes, e.g., 200,301,302 or 200-300)"
    echo "------------------------------------------------"
    echo "Examples:"
    echo " dirx -u https://example.com -w wordlist.txt"
    echo " dirx -u https://example.com -w wordlist.txt -f"
    echo " dirx -u https://example.com -w wordlist.txt -a 200,301,302"
    echo " dirx -u https://example.com -w wordlist.txt -a 200-300"
    echo " dirx -v"
    echo
    echo
    exit 1
fi

# display banner
echo -e "\n            ####__   ___/ /___                      "
echo -e "            ######} |** \\ \\  |\\_                    "
echo -e "             ######}„_@_ //_@_  |<{//////////       "
echo -e "|¯¯¯¯|\\¯¯¯\\‚|¯¯¯¯¯¯¯¯¯|/|¯¯¯¯|\\¯¯¯\\’|¯¯¯¯’|/¯¯¯¯/"
echo -e "|    |'|   ||__/| |\\__|‚|    | |   ||__        / "
echo -e "|    |'|   ||¯¯\\| |/¯¯|‚|    |/   /  /       ¯¯| "
echo -e "|____|/___/‚|_________|'|____|\\___\\’/____/|____| "
echo -e "                                        \033[38;5;202mTRABBIT\e[0m  "
echo -e "{>=============================================<}"
echo -e "| [+] TARGET => $target_url [\e[36m-u\e[0m]                 "
echo -e "| [+] WORDLIST => $wordlist_path [\e[36m-w\e[0m]       "
echo -e "{>=============================================<}"
if [[ "$found_only" == true ]]; then
    echo -e "| [+] SHOW ONLY FOUND DIRECTORIES [\e[36m-f\e[0m]"
fi
if [[ "$ar_flag_set" == true ]]; then
    echo -e "| [+] ALLOWED RESPONSES => $ar_flag_value [\e[36m-a\e[0m]"
fi
echo -e "{>=============================================<}"
echo -e " \033[45;1m      \\\\\ DIRECTORY BRUTEFORCE STARTED \\\\\       \e[0m"
echo -e "{>=============================================<}\n"

# Execute directory brute force
find_directories "$target_url" "$wordlist_path"

# User feedback
echo -e "{>=============================================<}"
if [[ "$found_only" == true ]]; then
    echo -e "                DONE (FOUND ONLY).                      "
else
    echo -e "                      DONE.                      "
fi
echo -e "{>=============================================<}"

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~