ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas).
I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most comprehensive tool of its kind. It is however, simple to use, decently flexible, and in practice only marginally slower than other “tried-and-true” tools like Gobuster. Personally, I have been using it to help me solve CTF challenges on platforms like TryHackMe, and have found my implementation to be satisfactorily reliable.
This software is intended for use in CTF challenges, or by security professionals to gather information on their targets:
Firstly, ensure that Python version >= 3.6 is installed, then clone the repository with:
git clone https://github.com/0xTas/zenbuster.git
Next, cd zenbuster
.
ZenBuster relies on 3 external libraries to function, and it is recommended to install these with:
pip install -r requirements.txt
The modules that will be installed and their purposes are as follows:
These dependencies may be installed manually, with pip
using requirements.txt, or via interaction with the script upon first run.
Once dependencies have been installed, you can run the program in the following ways:
./zenbuster.py [options]
or python3 zenbuster.py [options]
python zenbuster.py [options]
Short Flag | Long Flag | Purpose |
---|---|---|
-h | –help | Displays the help screen and exits |
-d | –dirs | Enables Directory Enumeration Mode |
-s | -ssl | Forces usage of HTTPS in requests |
-v | –verbose | Prints verbose info to terminal/log |
-q | –quiet | Minimal terminal output until final results |
-nc | –no-color | Disables colored terminal output |
-nl | –no-lolcat | Disables lolcat-printed banner (Linux only) |
-ic <codes> | –ignore-codes | List of status codes to exclude from results. |
-u <hostname> | –host | Host to target for the scan |
-w <wordlist> | –wordlist | Path to wordlist/dictionary file |
-x <exts> | –ext | Comma-separated list of file extensions (Dirs only) |
-p <port#> | –port | Custom port option for nonstandard webservers |
-o [filename] | –out-file | Log results to a file (accepts custom name/path) |
./zenbuster.py -d -w /usr/share/wordlists/dirb/common.txt -u target.thm -v
python3 zenbuster.py -w ../subdomains.txt --host target.thm --ssl -O myResults.log
zenbuster -w subdomains.txt -u target.thm --quiet -ic 400, 403
(With .bashrc alias)
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…