.gif)
Description:
pydirbuster 0.5
Pydirbuster
Pydirbuster is a Python based Web Directory and File Brute Forcer.
Installation
Pip:
$ pip3 install pydirbuster
Github:
$ git clone http://github.com/PercyJackson235/pydirbuster.git
$ cd pydirbuster
$ python3 setup.py install
Usage
Package Style:
>>> import pydirbuster
>>> webbuster = pydirbuster.Pybuster(url="http://doctor/",
... wordfile="/root/HackTheBox/tools/short.txt", exts=['php','html'])
>>> webbuster.Run()
=================================================================
Pydirbuster v0.02
=================================================================
Url: http://doctor/
Threads: 15
Wordlist: /root/HackTheBox/tools/short.txt
Status Codes: 200,204,301,302,307,401,403
User Agent: python-requests/2.23.0
Extensions: php,html
=================================================================
/.hta (Status : 403)
/.htaccess.php (Status : 403)
/.htaccess.html (Status : 403)
/.hta.html (Status : 403)
/.htpasswd (Status : 403)
/.htpasswd.php (Status : 403)
/.htpasswd.html (Status : 403)
/.hta.php (Status : 403)
/.htaccess (Status : 403)
/index.html (Status : 200)
=================================================================
Time elapsed : 1.7652253159903921
=================================================================
Commandline Script Style:
(venv) root@kali:~/HackTheBox/tools/venv# pydirbuster -u http://cartoon.worker.htb -w ../short.txt -t 30 -z -x php,html
=================================================================
Pydirbuster v0.04
=================================================================
Url: http://cartoon.worker.htb/
Threads: 30
Wordlist: ../short.txt
Status Codes: 200,204,301,302,307,401,403
User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; Trident/5.0)
Extensions: php,html
=================================================================
/Index.html (Status : 200)
/Images (Status : 403)
/css (Status : 403)
/fonts (Status : 403)
/images (Status : 403)
/index.html (Status : 200)
/index.html (Status : 200)
/js (Status : 403)
=================================================================
Time elapsed : 35.35524610700668
==================================================================================================================================
Time elapsed : 1.742801600979874
=================================================================
Commandline Module Style:
(venv) root@kali:~/HackTheBox/tools/venv# python -m pydirbuster -u http://cartoon.worker.htb -w ../short.txt -t 30 -z -x php,html
=================================================================
Pydirbuster v0.04
=================================================================
Url: http://cartoon.worker.htb/
Threads: 30
Wordlist: common.txt
Status Codes: 200,204,301,302,307,401,403
User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; Trident/5.0)
Extensions: php,html
=================================================================
/Index.html (Status : 200)
/Images (Status : 403)
/css (Status : 403)
/fonts (Status : 403)
/images (Status : 403)
/index.html (Status : 200)
/index.html (Status : 200)
/js (Status : 403)
=================================================================
Time elapsed : 35.35524610700668
=================================================================
Options
Commandline Style:
usage: pydirbuster [-h] -u URL -w WORDFILE [--user USER] [--pass PASSWORD] [-x EXTS] [-t THREADS] [-o LOGFILE] [-s CODES] [-f] [-z [USER_AGENT]]
Python Web Directory and File Brute Forcer
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL The url to start brute foroce from.
-w WORDFILE, --wordlist WORDFILE
The wordlist to use for brute force.
--user USER HTTP Username
--pass PASSWORD HTTP Password
-x EXTS File Extensions - must be commad delimited list
-t THREADS, --threads THREADS
The amount of threads to use.
-o LOGFILE, --output LOGFILE
File to log results.
-s CODES HTTP Status Codes to accept in a comma delimited list. Default - 200,204,301,302,307,401,403
-f Force wildcard proccessing.
-z [USER_AGENT], --user-agent [USER_AGENT]
Custom or random user agent. -z 'User-agent' for custom. -z for random
All flags, except for -u and -w, for the url and wordlist respectively, are optional. The value for -z, the user agent, is optional because a naked -z will randomly select a user-agent instead of setting a custom one.
Package Style:
class Pybuster(builtins.object)
| Pybuster(url: str, wordfile: str, threads: int = 15, exts: list = [''], logfile: str = None, codes: list = [200, 204, 301, 302, 307, 401, 403], user: str = None, password: str = None, force: bool = False, user_agent: str = 'python-requests/2.23.0')
|
| The Pybuster class is the main interface for this website scanner.
|
| Pybuster Class:
|
| param: url - The website base url for scanning.
| type: str
|
| param: wordfile - The filepath, relative or absolute for wordlist.
| type: str
|
| param: threads - The number of threads for the scanner to run. Default = 15
| type: int
|
| param: exts - The list of file extensions to check. default = ['']
| It is best pass it a list, ie. ['php', 'html', 'png'], but it can be
| passed a comma delimited string ex., 'php,html,png'
| type: list
|
| param: logfile - The name of an output file write results to.
| type: str
|
| param: codes - The http status codes to accept in responses.
| Can be passed a list of numbers in either int or str forms, or a
| comma delimited string. So ['200','204','301','302','307','401','403'],
| [200,204,301,302,307,401,403], and "200,204,301,302,307,401,403" are all
| valid, but the inner values must be able to converted to integers.
| Default = [200,204,301,302,307,401,403]
| param: user - HTTP username - Default = None
| type: list
|
| param: password - HTTP password - Default = None
| type: str
The url and wordfile parameters are required for the Pybuster object, all other parameters are optional.
Both the exts and codes parameters are better off being passed a list, but can take a comma delimited string, but the codes parameter requires that the values in the list or comma delimited string be valid integers.
The Pybuster class expects the user_agent paramater to be a string or None. If it is passed None, the object will randomly select a user-agent to impersonate.
License
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
Files:
Customer Reviews
There are no reviews.
