dirb http://badurl.com
results look like this for a default list scan
---- Scanning URL: http://badurl.com/ ----
==> DIRECTORY: http://badurl.com/aspnet_client/
---- Entering directory: http://badurl.com/aspnet_client/ ----
==> DIRECTORY: http://badurl.com/aspnet_client/system_web/
---- Entering directory: http://badurl.com/aspnet_client/system_web/ ----
pass in your own custom folder searching list with this command
dirb http://badurl.com customlist.txt