SHARE
RBuster : Yet Another Dirbuster

Rbuster is yet another dirbuster with the latest version of v0.2.1. Following are the common command line options;

  • -a <user agent string> – specify a user agent string to send in the request
  • -c <http cookies> – use this to specify any cookies that you might need (simulating auth). header.
  • -f – force processing of a domain with wildcard results.
  • -l – show the length of the response.
  • -r – follow redirects.
  • -s <status codes> – comma-separated set of the list of status codes to be deemed a “positive” (default: 200,204,301,302,307).
  • -u <url/domain> – full URL (including scheme), or base domain name.
  • -v – verbose output (show all results).
  • -w <wordlist> – path to the wordlist used for brute forcing.
  • -b <token> – HTTP Authorization via Bearer token.
  • -P <password> – HTTP Authorization password (Basic Auth only, prompted if missing).
  • -U <username> – HTTP Authorization username (Basic Auth only).

Also Read – GoBuster : Directory/File, DNS & VHost Busting Tool Written In Go

Install

cargo install rbuster

Install in kali

apt install libssl-dev pkg-config
cargo install rbuster

Example

$ rbuster -w common.txt -u http://horriblesubs.info/

Rbuster 0.1.0 Vadim Smirnov
==================================================
Url/Domain : http://horriblesubs.info/
Wordlist : common.txt
Words : 4593
==================================================
/thanks (Status: 301 Moved Permanently | Content-Length: 0)
/the (Status: 301 Moved Permanently | Content-Length: 0)
/ro (Status: 301 Moved Permanently | Content-Length: 0)
/robot (Status: 301 Moved Permanently | Content-Length: 0)
/robotics (Status: 301 Moved Permanently | Content-Length: 0)
/robots.txt (Status: 200 OK | Content-Length: 67)