RustBuster : DirBuster for Rust

RustBuster is a tool to dirbuster for rust and following are the 4 modes(Dir mode, Dns mode, Vhost mode, Fuzz mode) that are currently being implemented.

Dir mode
***********
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
Dns mode
***********
rustbuster -m dns -u google.com -w examples/wordlist
Vhost mode
**************
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x “Hello”
Fuzz mode
************
rustbuster -m fuzz -u http://localhost:3000/login \
-X POST \
-H “Content-Type: application/json” \
-b ‘{“user”:”FUZZ”,”password”:”FUZZ”,”csrf”:”CSRFCSRF”}’ \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \ -s 200

You can download prebuilt binaries from here.

Also Read – TOR Router : A Tool That Allow You To Make TOR Your Default Gateway

Usage

USAGE:
rustbuster [FLAGS] [OPTIONS] –url –wordlist …

FLAGS:
-f, –append-slash Tries to also append / to the base request
-K, –exit-on-error Exits on connection errors
-h, –help Prints help information
-k, –ignore-certificate Disables TLS certificate validation
–no-banner Skips initial banner
–no-progress-bar Disables the progress bar
-V, –version Prints version information
-v, –verbose Sets the level of verbosity

OPTIONS:
–csrf-header … Adds the specified headers to CSRF GET request
–csrf-regex Grabs the CSRF token applying the specified RegEx
–csrf-url Grabs the CSRF token via GET to csrf-url
-d, –domain Uses the specified domain
-e, –extensions Sets the extensions [default: ]
-b, –http-body Uses the specified HTTP method [default: ]
-H, –http-header … Appends the specified HTTP header
-X, –http-method Uses the specified HTTP method [default: GET]
-S, –ignore-status-codes Sets the list of status codes to ignore [default: 404]
-x, –ignore-string … Ignores results with specified string in the HTTP Body
-s, –include-status-codes Sets the list of status codes to include [default: ]
-i, –include-string … Includes results with specified string in the HTTP body
-m, –mode Sets the mode of operation (dir, dns, fuzz) [default: dir]
-o, –output Saves the results in the specified file [default: ]
-t, –threads Sets the amount of concurrent requests [default: 10]
-u, –url Sets the target URL
-a, –user-agent Uses the specified User-Agent [default: rustbuster]
-w, –wordlist … Sets the wordlist

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

14 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

14 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

14 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

14 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

15 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

17 hours ago