pybuster v1.1
pybuster is a tool that is used to brute-force URLs of web servers.
Features
- Directory busting (URI)
- URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
- Multiple threads
- Clean data outputting
- Custom success status code selection
- Custom wordlist selection
Command Line Usage
usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]
positional arguments:
mode Mode to run pybuster [dir,subdomain]
optional arguments:
-h, --help show this help message and exit
--wordlist WORDLIST Full path to wordlist
--threads THREADS Number of threads to use
--url URL URL to check
--success SUCCESS Success status codes, split by comma [optional]
Why should i use this over gobuster?
The gobuster tool might be overall quicker, and it might be better in other fields, but;
- This tool runs on python3, which is pre-installed on most systems
- It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
- It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
- Faster setup, you dont need to install golang, you can start it directly.
Changes in v1.1
Features below, +;
- Added subdomain search mode
- Changed cli usage, changed "dns" to "subdomain"
- Use python3 pybuster.py subdomain to start to scan for subdomains
- The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
- Minor changes to outputting
Changes in v1.0
First stable release, with main features, +:
- Clean outputting
- Easy exiting out of threads
- Cleaner display of found URLs/URIs
- Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
- Mode still not changing anything, although you can use pattern to check for subdomains and other things
- Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
- Exiting only requires you to press enter
- Cleaner exiting summary.
Changes in v0.1.0
- Can select mode (still only dir mode is fully supported)
- used python argparse module for cleaner commandline arguments
- URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)
Changes in v0.0.1
- Added base files
- Support for dir mode
- Custom thread selection
- CLI-like interface for displaying data while-running, no long outputs
- On exit, show a summary of what happend
- Pipe between threads
- Stop on command
- Custom wordlist selection
- Custom sucess status selection
5 Oct 8, 2022
3 Sep 26, 2022
13 Nov 3, 2022
11 Apr 11, 2022
0 Jan 10, 2022
20 Nov 12, 2022
10 Oct 19, 2022
1 Nov 15, 2021
3 Jan 28, 2022
3 Dec 06, 2021
5 Jun 03, 2021
18 Sep 03, 2022
4 Aug 31, 2021
20 Apr 07, 2022
3 Feb 03, 2022
2 Aug 21, 2022
1 Dec 16, 2021
675 Jan 03, 2023
295 Jan 06, 2023
3 Dec 04, 2022
52 Dec 17, 2022
2 Dec 22, 2021
4 Sep 23, 2022
14 Oct 15, 2022
56 Dec 27, 2022
5 Sep 12, 2022
3 Nov 28, 2021
823 Dec 21, 2022