pybuster v1.1
pybuster is a tool that is used to brute-force URLs of web servers.
Features
- Directory busting (URI)
- URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
- Multiple threads
- Clean data outputting
- Custom success status code selection
- Custom wordlist selection
Command Line Usage
usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]
positional arguments:
mode Mode to run pybuster [dir,subdomain]
optional arguments:
-h, --help show this help message and exit
--wordlist WORDLIST Full path to wordlist
--threads THREADS Number of threads to use
--url URL URL to check
--success SUCCESS Success status codes, split by comma [optional]
Why should i use this over gobuster?
The gobuster tool might be overall quicker, and it might be better in other fields, but;
- This tool runs on python3, which is pre-installed on most systems
- It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
- It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
- Faster setup, you dont need to install golang, you can start it directly.
Changes in v1.1
Features below, +;
- Added subdomain search mode
- Changed cli usage, changed "dns" to "subdomain"
- Use python3 pybuster.py subdomain to start to scan for subdomains
- The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
- Minor changes to outputting
Changes in v1.0
First stable release, with main features, +:
- Clean outputting
- Easy exiting out of threads
- Cleaner display of found URLs/URIs
- Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
- Mode still not changing anything, although you can use pattern to check for subdomains and other things
- Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
- Exiting only requires you to press enter
- Cleaner exiting summary.
Changes in v0.1.0
- Can select mode (still only dir mode is fully supported)
- used python argparse module for cleaner commandline arguments
- URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)
Changes in v0.0.1
- Added base files
- Support for dir mode
- Custom thread selection
- CLI-like interface for displaying data while-running, no long outputs
- On exit, show a summary of what happend
- Pipe between threads
- Stop on command
- Custom wordlist selection
- Custom sucess status selection
5 Oct 8, 2022
3 Sep 26, 2022
13 Nov 3, 2022
11 Apr 11, 2022
0 Jan 10, 2022
20 Nov 12, 2022
10 Oct 19, 2022
1 Nov 15, 2021
3 Jan 28, 2022
1 Jan 03, 2022
365 Nov 30, 2022
5 Aug 25, 2022
165 Dec 21, 2022
30 Dec 06, 2022
44 Nov 18, 2022
56 Jul 31, 2022
64 Oct 18, 2022
16 Oct 12, 2022
300 Jan 07, 2023
31 Dec 19, 2022
91 Nov 08, 2022
3 Feb 21, 2022
5 Nov 18, 2022
2 Dec 16, 2021
2 Mar 21, 2022
1 Feb 14, 2022
8 Dec 20, 2022
59 Dec 01, 2022
7 Dec 07, 2022