RBuster : Yet Another Dirbuster

Rbuster is yet another dirbuster with the latest version of v0.2.1. Following are the common command line options;

• -a <user agent string> – specify a user agent string to send in the request
• -c <http cookies> – use this to specify any cookies that you might need (simulating auth). header.
• -f – force processing of a domain with wildcard results.
• -l – show the length of the response.
• -r – follow redirects.
• -s <status codes> – comma-separated set of the list of status codes to be deemed a “positive” (default: 200,204,301,302,307).
• -u <url/domain> – full URL (including scheme), or base domain name.
• -v – verbose output (show all results).
• -w <wordlist> – path to the wordlist used for brute forcing.
• -b <token> – HTTP Authorization via Bearer token.
• -P <password> – HTTP Authorization password (Basic Auth only, prompted if missing).
• -U <username> – HTTP Authorization username (Basic Auth only).

Also Read – GoBuster : Directory/File, DNS & VHost Busting Tool Written In Go

Install

cargo install rbuster

Install in kali

apt install libssl-dev pkg-config
cargo install rbuster

Example

$ rbuster -w common.txt -u http://horriblesubs.info/

Rbuster 0.1.0 Vadim Smirnov
==================================================
Url/Domain : http://horriblesubs.info/
Wordlist : common.txt
Words : 4593
==================================================
/thanks (Status: 301 Moved Permanently | Content-Length: 0)
/the (Status: 301 Moved Permanently | Content-Length: 0)
/ro (Status: 301 Moved Permanently | Content-Length: 0)
/robot (Status: 301 Moved Permanently | Content-Length: 0)
/robotics (Status: 301 Moved Permanently | Content-Length: 0)
/robots.txt (Status: 200 OK | Content-Length: 67)