pybuster v1.1
pybuster is a tool that is used to brute-force URLs of web servers.
Features
- Directory busting (URI)
- URL replace patterns (put PYBUSTER in URL for it to get replaced with current word)
- Multiple threads
- Clean data outputting
- Custom success status code selection
- Custom wordlist selection
Command Line Usage
usage: pybuster.py mode [-h] --wordlist WORDLIST --threads THREADS --url URL [--success SUCCESS]
positional arguments:
mode Mode to run pybuster [dir,subdomain]
optional arguments:
-h, --help show this help message and exit
--wordlist WORDLIST Full path to wordlist
--threads THREADS Number of threads to use
--url URL URL to check
--success SUCCESS Success status codes, split by comma [optional]
Why should i use this over gobuster?
The gobuster tool might be overall quicker, and it might be better in other fields, but;
- This tool runs on python3, which is pre-installed on most systems
- It uses pip3 for modules, and it only requires one, requests, which is already installed in most systems
- It is easier to understand python code over go code, when you aren't a programmer, thus you can easily edit this.
- Faster setup, you dont need to install golang, you can start it directly.
Changes in v1.1
Features below, +;
- Added subdomain search mode
- Changed cli usage, changed "dns" to "subdomain"
- Use python3 pybuster.py subdomain to start to scan for subdomains
- The url shall not change, do not try to do https://PYBUSTER.url.com, this will break the tool, it will automatically do that, just write out the URL normally, like; https://url.com.
- Minor changes to outputting
Changes in v1.0
First stable release, with main features, +:
- Clean outputting
- Easy exiting out of threads
- Cleaner display of found URLs/URIs
- Time formatting better, still need to modify a small thing, when time is 1am, 5 minutes, it will show 1:5, but it should show 01:05.
- Mode still not changing anything, although you can use pattern to check for subdomains and other things
- Slightly modified src/script.py to make it less CPU intensive, so more threads can run.
- Exiting only requires you to press enter
- Cleaner exiting summary.
Changes in v0.1.0
- Can select mode (still only dir mode is fully supported)
- used python argparse module for cleaner commandline arguments
- URL pattern to replace, you can put PYBUSTER in the URL, and it will replace it with the current wordlist item. Example: http://PYBUSTER.glaukio.com/ (do NOT put PYBUSTER in the end of the URL, for example; /PYBUSTER, it will start checking the URL like this; /wordlist_item/wordlist_item!)
Changes in v0.0.1
- Added base files
- Support for dir mode
- Custom thread selection
- CLI-like interface for displaying data while-running, no long outputs
- On exit, show a summary of what happend
- Pipe between threads
- Stop on command
- Custom wordlist selection
- Custom sucess status selection
5 Oct 8, 2022
3 Sep 26, 2022
13 Nov 3, 2022
11 Apr 11, 2022
0 Jan 10, 2022
20 Nov 12, 2022
10 Oct 19, 2022
1 Nov 15, 2021
3 Jan 28, 2022
13 Oct 26, 2022
45 Dec 20, 2022
16 Aug 30, 2022
11 Dec 06, 2022
127 Dec 27, 2022
12.4k Jan 08, 2023
42 Aug 09, 2022
213 Dec 30, 2022
5 Jul 19, 2022
17 Dec 20, 2021
25 Dec 08, 2022
431 Dec 22, 2022
16 Oct 08, 2022
4 Oct 24, 2022
1.2k Dec 28, 2022
364 Dec 30, 2022
6 Aug 07, 2021
7 Nov 09, 2022
4 Mar 07, 2022
3 Oct 20, 2021