Home
Cybersecurity
Ethical Hacking

How to Use DIRB in Termux to Find Hidden Web Directories

Learn how to use DIRB in Termux for directory brute-forcing. This guide helps you scan websites and uncover hidden paths easily using DIRB on Android.
BlogZeros

If you're into ethical hacking or website penetration testing, DIRB is one tool you should know. It helps you find hidden directories and files on a web server. In this post, I’ll show you how to install and use DIRB in Termux on your Android phone. No root is needed.

Vector illustration showing a terminal window labeled "DIRB" with the URL "http://example.com/" on the left, and styled text on the right reading "Dirb In Termux" along with tags "Dirb" and "Termux Tools." Branding for "Kalimux" is displayed at the bottom right.
Find Hidden Web Directories

What is DIRB?

DIRB is a simple command-line tool used to brute-force directories and files on a web server. It works by making multiple HTTP requests using a wordlist and checking which paths return valid responses. This helps uncover hidden folders, admin pages, and more.

Why Use DIRB in Termux?

  • You can scan websites directly from your Android device.
  • It's lightweight and simple to use.
  • Great for learning and practicing ethical hacking.

Step 1: Update and Install Basic Packages

First, open Termux and update the packages. Then install the basic tools you’ll need: 

pkg update && pkg upgrade
pkg install git curl php

Step 2: Install Compilers and Clone DIRB

DIRB is not in the default Termux packages, so we’ll compile it manually from source: 

pkg install git clang make
git clone https://github.com/v0re/dirb.git
cd dirb/src
make

This command will compile the DIRB binary and get it ready for use. After compiling, you’ll see a file named dirb inside the src folder.

Step 3: Test DIRB

You can now test if DIRB is working:

./dirb http://example.com

Replace example.com with the target website you want to scan.

Step 4: Use a Custom Wordlist (Optional)

DIRB comes with its own wordlists, but you can also use your own or download common ones from GitHub or Kali Linux: 

./dirb http://example.com /path/to/wordlist.txt

Make sure the wordlist exists at the location you provide. You can also find wordlists in this folder: 

cd ../wordlists
ls

Example DIRB Scan Output

Here’s an example of how the output might look:

---- DIRB v2.22 ----
START_TIME: Fri Apr 24 10:00:00 2025
URL_BASE: http://example.com/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

GENERATED WORDS: 4612

---- Scanning URL: http://example.com/ ----

+ http://example.com/admin (CODE:200|SIZE:1123)
+ http://example.com/login (CODE:200|SIZE:754)

If DIRB finds valid directories, they will be shown with their HTTP response codes and sizes. You can check these URLs in a browser to investigate further.

Troubleshooting DIRB in Termux

  • Problem: Command not found
    Solution: Make sure you're in the src directory and run ./dirb instead of just dirb.
  • Problem: Permission denied
    Solution: Run chmod +x dirb to make the binary executable.
  • Problem: Not detecting valid directories
    Solution: Try using a different wordlist or check the target URL format (e.g., add / at the end).

Conclusion

DIRB is a powerful tool for discovering hidden directories on websites, and using it in Termux is pretty simple once you set it up. Whether you're learning ethical hacking or testing your own website’s security, DIRB can be a great addition to your toolbox.

Let me know in the comments if you face any issues. I’ll try to help you out.

More Termux Tools

If you liked this tutorial, check out my other posts on tools like Tool-X, Nmap, and Metasploit.

Stay safe and keep learning!

Post a Comment