RustBuster : DirBuster for Rust

RustBuster is a tool to dirbuster for rust and following are the 4 modes(Dir mode, Dns mode, Vhost mode, Fuzz mode) that are currently being implemented.

Dir mode
***********
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
Dns mode
***********
rustbuster -m dns -u google.com -w examples/wordlist
Vhost mode
**************
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x “Hello”
Fuzz mode
************
rustbuster -m fuzz -u http://localhost:3000/login \
-X POST \
-H “Content-Type: application/json” \
-b ‘{“user”:”FUZZ”,”password”:”FUZZ”,”csrf”:”CSRFCSRF”}’ \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \ -s 200

You can download prebuilt binaries from here.

Also Read – TOR Router : A Tool That Allow You To Make TOR Your Default Gateway

Usage

USAGE:
rustbuster [FLAGS] [OPTIONS] –url –wordlist …

FLAGS:
-f, –append-slash Tries to also append / to the base request
-K, –exit-on-error Exits on connection errors
-h, –help Prints help information
-k, –ignore-certificate Disables TLS certificate validation
–no-banner Skips initial banner
–no-progress-bar Disables the progress bar
-V, –version Prints version information
-v, –verbose Sets the level of verbosity

OPTIONS:
–csrf-header … Adds the specified headers to CSRF GET request
–csrf-regex Grabs the CSRF token applying the specified RegEx
–csrf-url Grabs the CSRF token via GET to csrf-url
-d, –domain Uses the specified domain
-e, –extensions Sets the extensions [default: ]
-b, –http-body Uses the specified HTTP method [default: ]
-H, –http-header … Appends the specified HTTP header
-X, –http-method Uses the specified HTTP method [default: GET]
-S, –ignore-status-codes Sets the list of status codes to ignore [default: 404]
-x, –ignore-string … Ignores results with specified string in the HTTP Body
-s, –include-status-codes Sets the list of status codes to include [default: ]
-i, –include-string … Includes results with specified string in the HTTP body
-m, –mode Sets the mode of operation (dir, dns, fuzz) [default: dir]
-o, –output Saves the results in the specified file [default: ]
-t, –threads Sets the amount of concurrent requests [default: 10]
-u, –url Sets the target URL
-a, –user-agent Uses the specified User-Agent [default: rustbuster]
-w, –wordlist … Sets the wordlist

Download
R K

Share
Published by
R K
Tags: DirBusterRustRustBuster
5 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago