RustBuster is a tool to dirbuster for rust and following are the 4 modes(Dir mode, Dns mode, Vhost mode, Fuzz mode) that are currently being implemented.
Dir mode
***********
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
Dns mode
***********
rustbuster -m dns -u google.com -w examples/wordlist
Vhost mode
**************
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x “Hello”
Fuzz mode
************
rustbuster -m fuzz -u http://localhost:3000/login \
-X POST \
-H “Content-Type: application/json” \
-b ‘{“user”:”FUZZ”,”password”:”FUZZ”,”csrf”:”CSRFCSRF”}’ \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \ -s 200
You can download prebuilt binaries from here.
Also Read – TOR Router : A Tool That Allow You To Make TOR Your Default Gateway
Usage
USAGE:
rustbuster [FLAGS] [OPTIONS] –url –wordlist …
FLAGS:
-f, –append-slash Tries to also append / to the base request
-K, –exit-on-error Exits on connection errors
-h, –help Prints help information
-k, –ignore-certificate Disables TLS certificate validation
–no-banner Skips initial banner
–no-progress-bar Disables the progress bar
-V, –version Prints version information
-v, –verbose Sets the level of verbosity
OPTIONS:
–csrf-header … Adds the specified headers to CSRF GET request
–csrf-regex Grabs the CSRF token applying the specified RegEx
–csrf-url Grabs the CSRF token via GET to csrf-url
-d, –domain Uses the specified domain
-e, –extensions Sets the extensions [default: ]
-b, –http-body Uses the specified HTTP method [default: ]
-H, –http-header … Appends the specified HTTP header
-X, –http-method Uses the specified HTTP method [default: GET]
-S, –ignore-status-codes Sets the list of status codes to ignore [default: 404]
-x, –ignore-string … Ignores results with specified string in the HTTP Body
-s, –include-status-codes Sets the list of status codes to include [default: ]
-i, –include-string … Includes results with specified string in the HTTP body
-m, –mode Sets the mode of operation (dir, dns, fuzz) [default: dir]
-o, –output Saves the results in the specified file [default: ]
-t, –threads Sets the amount of concurrent requests [default: 10]
-u, –url Sets the target URL
-a, –user-agent Uses the specified User-Agent [default: rustbuster]
-w, –wordlist … Sets the wordlist