By default, config.ini inside the dirsearch directory is used as the configuration file. You can select another file with --config or the DIRSEARCH_CONFIG environment variable.
# If you want to edit dirsearch default configurations, you can
# edit values in this file. Everything after `#` is a comment
# and won't be applied
[general]
threads = 25
async = True
recursive = False
deep-recursive = False
force-recursive = False
recursion-status = 200-399,401,403
max-recursion-depth = 0
exclude-subdirs = %%ff/,.;/,..;/,;/,./,../,%%2e/,%%2e%%2e/
random-user-agents = False
max-time = 0
target-max-time = 0
exit-on-error = False
skip-on-status = 429
#filter-threshold = 10
#subdirs = /,api/
#include-status = 200-299,401
#exclude-status = 400,500-999
#exclude-sizes = 0b,123gb
#exclude-texts = [
# "Not found",
# "404"
#]
#exclude-regex = "^403$"
#exclude-redirect = "*/error.html"
#exclude-response = 404.html
# Force extra wildcard calibration from the beginning. dirsearch still performs
# automatic fallback calibration when a target looks ambiguous.
auto-calibration = False
[advanced-filtering]
# Advanced opt-in filters and matchers, inspired by ffuf/wfuzz. These are not
# needed for normal discovery workflows.
matcher-mode = or
filter-mode = or
#match-status = 200-299,401,403
#filter-status = 500-599
#match-size = 100-2000
#filter-size = 0
#match-words = 10-100
#filter-words = 0
#match-lines = 2-50
#filter-lines = 0
#match-regex = "admin"
#filter-regex = "not found"
#match-time = >100
#filter-time = >2000
[dictionary]
default-extensions = php,asp,aspx,jsp,html,htm
force-extensions = False
overwrite-extensions = False
lowercase = False
uppercase = False
capital = False
#exclude-extensions = old,log
#prefixes = .,admin
#suffixes = ~,.bak
#wordlists = /path/to/wordlist1.txt,/path/to/wordlist2.txt
#wordlist-categories = common,conf,web
wordlist-backend = auto
wordlist-max-size = 500000
[request]
http-method = get
request-backend = python
follow-redirects = False
#headers = [
# "Header1: Value",
# "Header2: Value"
#]
#headers-file = /path/to/headers.txt
#user-agent = MyUserAgent
#cookie = SESSIONID=123
[connection]
timeout = 7.5
delay = 0
max-rate = 0
max-retries = 1
# By disabling `scheme` variable, dirsearch will automatically identify the URI scheme
#scheme = http
#proxies = ["localhost:8080"]
#proxies-file = /path/to/proxies.txt
#replay-proxy = localhost:8000
#network-interface = eth0
[advanced]
crawl = False
[view]
full-url = False
quiet-mode = False
color = True
show-redirects-history = False
disable-cli = False
verbose = False
[output]
# Available: simple, plain, json, xml, md, csv, html, sqlite
output-formats = plain
# Supported variables for 'output-file' and 'output-sql-table':
# - {extension}: File extension of the report, for 'output-file' only (e.g. txt, json)
# - {format}: Output format (e.g. plain, simple, xml)
# - {host}: Target hostname or IP (e.g. example.com)
# - {scheme}: URI scheme (http or https)
# - {port}: Port number (e.g. 443)
# - {date}: Scan date, format: DD-MM-YYYY (e.g. 07-10-2022)
# - {datetime}: Scan datetime, format: DD-MM-YYYY_HH-MM-SS (e.g. 2025-01-23_14:32:27)
#output-file = reports/{host}/{scheme}_{port}.{extension}
#mysql-url = mysql://user:password@localhost/database
#postgres-url = postgres://user:password@localhost/database
# Table to be used for SQL output (SQLite, MySQL, PostgreSQL)
output-sql-table = {scheme}_{host}:{port}
#log-file = /path/to/dirsearch.log
#log-file-size = 50000000