A high-performance asynchronous directory brute forcer for web reconnaissance and penetration testing. Discover hidden directories, files, and endpoints with built-in wordlists and real-time results.
| Feature | Description |
|---|---|
| ⚡ Asyncio Concurrent | Scan hundreds of URLs simultaneously |
| 📚 Built-in Wordlists | Common (50), Small (20), Medium (100+) entries |
| 📁 Custom Wordlists | Load your own wordlist from file |
| 🔧 Extension Brute | Test multiple extensions (php, html, bak, sql, etc.) |
| 🎨 Status Code Filtering | Show only 200, 301, 302, 403, 500 responses |
| 📊 Real-time Results | Live table with color-coded status codes |
| 📁 Multi-format Export | Save results as JSON, CSV, or TXT |
| 🎨 Dark Hacker Theme | Eye-friendly terminal-inspired UI |
- Python 3.10 or higher
- pip package manager
# Clone the repository
git clone https://github.com/stcarleone/dirforce.git
cd dirforce
# Install dependencies
pip install -r requirements.txt
# Run the application
python src/main.py- Enter Target URL:
https://example.comorhttp://target.com - Select Wordlist: Common, Small, Medium, or load custom file
- Set Extensions:
php,html,txt,bak,zip,sql(comma-separated) - Configure Filters: Check which status codes to display
- Click START BRUTE: Watch real-time results appear
- Export: Save findings as JSON, CSV, or TXT
- Common: 50 most common directories/files
- Small: 20 essential entries (fast scan)
- Medium: 100+ entries including API endpoints, CMS paths
- Custom: Load any
.txtfile with one entry per line
Test multiple file extensions automatically:
admin→admin,admin.php,admin.html,admin.txt,admin.bak,admin.zip,admin.sql
This tool is intended for authorized security testing only. Always obtain proper written permission before testing any website or system you do not own. The developer assumes no liability for misuse.
MIT License - see LICENSE file for details.
stcarleone
- GitHub: @stcarleone
- Created: 2026
