DirNutek: High-Speed Web Content Scanner

Author: Neosb <neosb@nuteksecurity.com>

Unleashing the Power of Web Content Discovery

DirNutek is a cutting-edge, high-speed web content scanner designed to help security professionals, penetration testers, and developers efficiently discover hidden files, directories, and parameters on web servers. Built with performance in mind, DirNutek leverages advanced techniques to provide rapid and accurate results, making it an indispensable tool in any web reconnaissance toolkit.

Whether you're looking for misconfigurations, sensitive files, or forgotten endpoints, DirNutek streamlines the process of web content discovery with its flexible and powerful scanning capabilities.

Key Features at a Glance

DirNutek offers a rich set of features that empower users with granular control over their scans:

• High-Speed Concurrency: Maximize scanning efficiency with configurable concurrent requests, ensuring quick discovery even on large targets.
• Flexible Fuzzing: Utilize the FUZZ keyword in URLs (paths, subdomains, parameters) and custom headers to precisely target your wordlist injections.
  • Path Fuzzing: http://example.com/FUZZ
  • Subdomain Fuzzing: http://FUZZ.example.com
  • Parameter Fuzzing: http://example.com/page?id=FUZZ
• Versatile Input Options: Scan against multiple base URLs directly or load lists of targets from a file. Enhance scans by extracting URLs from "own results" files.
• Customizable HTTP Methods: Choose from common HTTP methods like GET, POST, PUT, DELETE, HEAD, OPTIONS, and PATCH to tailor requests.
• Intelligent Filtering: Refine your results by including or excluding specific HTTP status codes. Further filter responses based on exact word, character, or line counts in the response body.
• Recursion Control: Define the maximum recursion depth for directory scanning, from infinite (0) to no recursion (1).
• Request Throttling: Implement an optional delay between requests to avoid overwhelming target servers or to mimic slower user interaction.
• TLS Control: Option to danger-accept-invalid-certs for development or testing environments (use with caution).
• Custom User-Agent: Specify a custom User-Agent header for requests.
• POST Request Data: Include custom data in POST requests, with support for FUZZ keyword injection in the request body.
• Terminal User Interface (TUI): Experience a dynamic and interactive scanning process with the built-in TUI mode.
• Verbose Output: Get detailed request completion and error messages for in-depth analysis.

Basic Usage

Getting started with DirNutek is straightforward. Here's a simple example:

Language: bash

dirnutek -u http://example.com/FUZZ -w /path/to/wordlist.txt

This command will scan http://example.com/ by replacing FUZZ with each entry from your specified wordlist.

Installation

DirNutek is a Rust-based project, ensuring performance and reliability. You can find its source code and releases on GitHub, and easily install it via Cargo from Crates.io.

• Crates.io: Discover the package and installation instructions on crates.io/crates/dirnutek.
• GitHub Repository: Explore the source code, contribute, and report issues on github.com/NutekSecurity/dirnutek.

Releases

For pre-compiled binaries and release notes, visit the DirNutek GitHub Releases page.

Conclusion

DirNutek stands out as a powerful and adaptable tool for web content discovery. Its combination of speed, flexibility, and advanced filtering options makes it an essential asset for anyone serious about web security auditing or application development. Dive in and uncover what's lurking beneath the surface of your web applications!