Lets write Multi Threaded Python Directory Brute forcing script. The Purpose of this post is not to equip you with a tool you can use, But to give you the basic understanding of how you can write your own better-improved tool – How it works.

The Structure of a Directory Brute Forcer

  • if URL Exists :
    • Open a word list and read all possible directories
    • append the possible directory to the URL
    • send HTTP request to the URL
    • if HTTP response is 200 OK. URL Exists, Directory found.

Lets Code!

Of course we are gonna be using Python requests. Lets get started.

We’re gonna be taking in the host name, The number of threads and the word list as command line parameters.

The above snippet will read in command line arguments. Let’s move on to the interesting part.

This is going to be our main function that is going to do the brute forcing part. We can now run this in how ever many threads we want.

The above snippet opens the word list and reads all of it’s lines. The lines that are going to be the possible directories. It reads them in a list and we shuffle them using random.shuffle.

We check if the directory name starts with #. Which can be random comments in the file, So we skip anything that starts with # using if(dir.startswith("#")).

We created a list to store every directory that has been checked to avoid rechecking it. checked=[].

Every directory URL checked is added to that list and every directory URL in the list is ignored.

if(CHECKURL not in checked): <- This only checks the directory url if it’s not in the list.

Now lets move on to the multi threaded part.

Here we first create a socket and test connection to the host. If it exists, We start the number of supplied threads of the brute forcing function.

This is the basic outline of a Directory Brute Forcing in python. Of course it could be written in other ways as well.

Further improving this code and it should look something like this :

Categories: Programming

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
1 year ago

This is Amazing

2 months ago

Hello Fahad,

Please send me an email.


Would love your thoughts, please comment.x