Max sub-directories for recursion #1091

Open
0xhunster opened this issue Apr 16, 2022 · 7 comments
Labels
enhancement New feature or request in review Should this be accepted?

Comments

@0xhunster

When I set --max-recursion-depth 1 or -R 1, it works fine :)

python3 ~/tools/dirsearch/dirsearch.py -e* --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" -i 200 --exit-on-error --full-url --deep-recursive --max-recursion-depth 1 -o outs.txt --format plain -w list -t 40 -u https://www.plesk.com/

  _|. _ _  _  _  _ _|_    v0.4.2.4
 (_||| _) (/_(_|| (_| )

Extensions: php, jsp, asp, aspx, do, action, cgi, html, htm, js, json, tar.gz, bak | HTTP method: GET | Threads: 40
Wordlist size: 925

Output File: /tmp/akash.txt

Target: https://www.plesk.com/

[10:07:05] Starting:
[10:07:08] 200 -  395B  - https://www.plesk.com/wp-admin/css/wp-admin.css
Added to the queue: wp-admin/
[10:07:08] 200 -  490B  - https://www.plesk.com/wp-admin/css/wp-admin-rtl.css
[10:07:08] 200 -    6KB - https://www.plesk.com/wp-admin/css/install.css
[10:07:08] 200 -  546B  - https://www.plesk.com/wp-admin/images/align-center.png
[10:07:08] 200 -  554B  - https://www.plesk.com/wp-admin/images/align-left.png
[10:07:08] 200 -  243B  - https://www.plesk.com/wp-admin/images/arrows.png
[10:07:08] 200 -    2B  - https://www.plesk.com/wp-admin/edit-form-advanced.php
[10:07:09] 200 -    4KB - https://www.plesk.com/wp-admin/images/imgedit-icons.png
[10:07:09] 200 -  360B  - https://www.plesk.com/wp-admin/images/marker.png
[10:07:13] 200 -    5KB - https://www.plesk.com/wp-admin/maint/repair.php
[10:07:13] 200 -    4KB - https://www.plesk.com/wp-admin/js/password-strength-meter.js
[10:07:16] 200 -    1KB - https://www.plesk.com/wp-admin/upgrade.php
[10:07:20] Starting: wp-admin/

Task Completed

But when I set --max-recursion-depth 2 or -R 2, it doesn't work anymore.

lol@0xhunster:/tmp$ python3 ~/tools/dirsearch/dirsearch.py -e* --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36" -i 200 --exit-on-error --full-url --deep-recursive --max-recursion-depth 2 -o akash.txt --format plain -w list -t 40 -u https://www.plesk.com/

  _|. _ _  _  _  _ _|_    v0.4.2.4
 (_||| _) (/_(_|| (_| )

Extensions: php, jsp, asp, aspx, do, action, cgi, html, htm, js, json, tar.gz, bak | HTTP method: GET | Threads: 40
Wordlist size: 925

Output File: /tmp/akash.txt

Target: https://www.plesk.com/

[10:12:36] Starting:
[10:12:38] 200 -  611B  - https://www.plesk.com/wp-admin/css/farbtastic.css
Added to the queue: wp-admin/, wp-admin/css/
[10:12:38] 200 -  490B  - https://www.plesk.com/wp-admin/css/wp-admin-rtl.css
[10:12:38] 200 -   24KB - https://www.plesk.com/wp-admin/css/media.css
[10:12:38] 200 -  546B  - https://www.plesk.com/wp-admin/images/align-center.png
Added to the queue: wp-admin/images/
[10:12:39] 200 -  417B  - https://www.plesk.com/wp-admin/images/align-none.png
[10:12:39] 200 -  395B  - https://www.plesk.com/wp-admin/css/wp-admin.css
[10:12:41] 200 -  539B  - https://www.plesk.com/wp-admin/images/yes.png
[10:12:41] 200 -    0B  - https://www.plesk.com/wp-admin/includes/bookmark.php
Added to the queue: wp-admin/includes/
[10:12:41] 200 -    0B  - https://www.plesk.com/wp-admin/includes/class-ftp.php
[10:12:41] 200 -    0B  - https://www.plesk.com/wp-admin/includes/class-wp-filesystem-base.php
[10:12:42] 200 -    3KB - https://www.plesk.com/wp-admin/js/custom-background.js
Added to the queue: wp-admin/js/
[10:12:42] 200 -    0B  - https://www.plesk.com/wp-admin/includes/list-table.php
[10:12:43] 200 -  740B  - https://www.plesk.com/wp-admin/js/xfn.js
[10:12:44] 200 -    5KB - https://www.plesk.com/wp-admin/maint/repair.php
Added to the queue: wp-admin/maint/
[10:12:44] 200 -    5KB - https://www.plesk.com/wp-admin/js/media.js
[10:12:46] 200 -    1KB - https://www.plesk.com/wp-admin/upgrade.php
[10:12:52] Starting: wp-admin/
[10:13:23] Starting: wp-admin/css/
[10:13:56] Starting: wp-admin/images/
[10:14:29] Starting: wp-admin/includes/
[10:15:00] Starting: wp-admin/js/
[10:15:31] Starting: wp-admin/maint/

Task Completed
@0xhunster 0xhunster added the bug Something isn't working label Apr 16, 2022
@shelld3v
Collaborator

It did work, didn't it?

...
[10:12:52] Starting: wp-admin/
[10:13:23] Starting: wp-admin/css/
[10:13:56] Starting: wp-admin/images/
[10:14:29] Starting: wp-admin/includes/
[10:15:00] Starting: wp-admin/js/
[10:15:31] Starting: wp-admin/maint/
...

@0xhunster
Author

0xhunster commented Apr 16, 2022

Yes, it works. But it should scan only 2, and that does not work.

[10:12:52] Starting: wp-admin/
[10:13:23] Starting: wp-admin/css/

@shelld3v shelld3v added question Further information is requested and removed bug Something isn't working labels Apr 16, 2022
@shelld3v
Collaborator

Hi @0xhunster, I think you misunderstood the feature: "max recursion depth" is the maximum path depth to perform recursion. For example, if dirsearch finds /api/v2/, the path depth is 2 (/api and /v2), so if you set the maximum recursion depth to 1, it won't brute-force it.

@0xhunster
Author

Oh, OK, thanks for clearing this up. Any way to scan only 2 recursively, then stop? I mean, the "Added to the queue:" jobs work only two times.

[10:12:52] Starting: wp-admin/
[10:13:23] Starting: wp-admin/css/

@shelld3v
Collaborator

Well, maybe I will add that feature, but I need to know the purpose/usage of this feature first. What are the use cases, who will use it?

@shelld3v shelld3v reopened this Apr 16, 2022
@shelld3v shelld3v added enhancement New feature or request need more info Some information is missing in review Should this be accepted? and removed question Further information is requested labels Apr 16, 2022
@0xhunster
Author

It's very important because nowadays we are doing a lot of automation. So, when we automate dirsearch with the recursion function, dirsearch works recursively, and when it finds a directory, that directory is added to the queue. But if more than 20 directories are found, it will take a lot of time to get the result. So, if we set the jobs queue, we will get the result in less time. I hope you understand.

@shelld3v
Collaborator

@0xhunster I think when a hacker scans a target, they must expect to find all the possible paths; missing any path can lead to missing a vulnerability. dirsearch allows you to save the progress and continue later, so there is no need to ignore the results just for time complexity.
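
The path-depth rule explained in this thread, replayed against the directories from the second run, as an added example (not dirsearch's code and not part of the thread). The host `target.example` is a constructed placeholder, and `max_dirs` is a hypothetical cap standing in for the requested feature, not an existing dirsearch option.

```python
from urllib.parse import urlsplit

# Constructed sample: paths from the second run in the issue, placeholder host.
BASE = "https://target.example/"
FOUND = [BASE + p for p in (
    "wp-admin/css/farbtastic.css",
    "wp-admin/images/align-center.png",
    "wp-admin/includes/bookmark.php",
    "wp-admin/js/custom-background.js",
    "wp-admin/maint/repair.php",
    "wp-admin/upgrade.php",
)]


def parent_dirs(url):
    """Directory prefixes of a hit, shallowest first (what --deep-recursive queues in the log)."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if not url.endswith("/"):
        parts = parts[:-1]  # last segment is a file, not a directory
    return ["/".join(parts[:i]) + "/" for i in range(1, len(parts) + 1)]


def path_depth(directory):
    """Number of path segments: 'api/v2/' has depth 2."""
    return len([p for p in directory.split("/") if p])


def build_queue(found_urls, max_depth=0, max_dirs=None):
    """Return directories to recurse into, in discovery order.

    max_depth: skip directories deeper than this (0 means no limit in this sketch).
    max_dirs:  hypothetical cap on queue length; not a dirsearch option.
    """
    queue = []
    for url in found_urls:
        for d in parent_dirs(url):
            if d in queue:
                continue
            if max_depth and path_depth(d) > max_depth:
                continue  # too deep: a depth limit filters by path depth, not by count
            if max_dirs is not None and len(queue) >= max_dirs:
                return queue  # count-based stop, the behaviour the reporter asked for
            queue.append(d)
    return queue


if __name__ == "__main__":
    print(build_queue(FOUND, max_depth=1))
    print(build_queue(FOUND, max_depth=2))
    print(build_queue(FOUND, max_depth=2, max_dirs=2))
```

With a depth limit of 2 all six directories qualify, which is why the second run started six recursive scans rather than two.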

@shelld3v shelld3v changed the title from "-R or --max-recursion-depth not working" to "Max sub-directories for recursion" May 1, 2022
@shelld3v shelld3v removed the need more info Some information is missing label Aug 1, 2022
2 participants