Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.
Usage
$ lulzbuster -H
Usage
lulzbuster -s [opts] |
Target Options
-s – start url to begin scan with
Http Options
-h – http request type (default: GET) – ? to list types
-x – exclude http status codes (default: 400,404,500,501,502,503
multi codes separated by ‘,’)
-f – follow http redirects. hint: better try appending a ‘/’
with ‘-A’ option first instead of using ‘-f’
-F – num level to follow http redirects (default: 0)
-u – user-agent string (default: built-in windows firefox)
-U – use random built-in user-agents
-c – pass custom header(s) (e.g. ‘Cookie: foo=bar; lol=lulz’)
-a – http auth credentials (format: 🙂
-r – turn on auto update referrer
-j – define http version (default: curl’s default) – ? to list
Timeout Options
-D – num seconds for delay between requests (default: 0)
-C – num seconds for connect timeout (default: 10)
-R – num seconds for request timeout (default: 30)
-T – num seconds to give up and exit lulzbuster completely
(default: none)
Tuning Options
-t – num threads for concurrent scanning (default: 30)
-g – num connection cache size for curl (default: 30)
note: this value should always equal to -t’s value
Other Options
-w – wordlist file
(default: /usr/local/share/lulzbuster/lists/medium.txt)
-A – append any words separated by comma (e.g. ‘/,.php,~bak)
-p – proxy address (format: ://:) – ? to
list supported schemes
-P – proxy auth credentials (format: 🙂
-i – insecure mode (skips ssl/tls cert verification)
-S – smart mode aka eliminate false-positives, more infos,
etc. (use this if speed is not your 1st priority!)
-n – nameservers (default: ‘1.1.1.1,8.8.8.8,208.67.222.222’
multi separated by ‘.’)
-l – log found paths and valid urls to file
Misc
-X – print built-in user-agents
-V – print version of lulzbuster and exit
-H – print this help and exit
Also Read – pwndrop : Self-Deployable File Hosting Service
Notes
Disclaimer
We hereby emphasize, that the hacking related stuff found on nullsecurity.net are only for education purposes. We are not responsible for any damages. You are responsible for your own actions.
Credit: noptrix
Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…