Kali Linux

Zenbuster : Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas).

I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most comprehensive tool of its kind. It is however, simple to use, decently flexible, and in practice only marginally slower than other “tried-and-true” tools like Gobuster. Personally, I have been using it to help me solve CTF challenges on platforms like TryHackMe, and have found my implementation to be satisfactorily reliable.

This software is intended for use in CTF challenges, or by security professionals to gather information on their targets:

  • It is capable of brute-force enumerating subdomains and also URI resources (directories/files).
  • Both methods of enumeration require use of an appropriate wordlist or dictionary file.
  • Features Include:
    • Hostname format supports standard, IPv4, and IPv6.
    • Support for logging results to a file with -o [filename].
    • Specifying custom ports for nonstandard webservers with -p .
    • Optional file extensions in directory mode with -x .
    • Quiet mode for less distracting output with -q.
    • Color can be disabled for less distracting output with -nc / -nl.
    • Add to the list of http status codes to ignore (default 5xx, 404) with -ic.
    • Tested on Python versions 3.9 and 3.10, with theoretical support for versions >= 3.6

Installation

Firstly, ensure that Python version >= 3.6 is installed, then clone the repository with:

git clone https://github.com/0xTas/zenbuster.git

Next, cd zenbuster.

Dependencies

ZenBuster relies on 3 external libraries to function, and it is recommended to install these with:

pip install -r requirements.txt

The modules that will be installed and their purposes are as follows:

  1. Python requests
    • The backbone of each enumeration request. Without this, the script will not function.
  2. termcolor
    • Enables colored terminal output. Non-critical, the script can still run without color if this is not present.
  3. colorama (Windows only)
    • Primes the Windows terminal to accept ANSI color codes (from Termcolor). Non-critical.

These dependencies may be installed manually, with pip using requirements.txt, or via interaction with the script upon first run.

Usage

Once dependencies have been installed, you can run the program in the following ways:

On Linux (+Mac?)

./zenbuster.py [options] or python3 zenbuster.py [options]

On Windows

python zenbuster.py [options]

[ptions

Short FlagLong FlagPurpose
-h–helpDisplays the help screen and exits
-d–dirsEnables Directory Enumeration Mode
-s-sslForces usage of HTTPS in requests
-v–verbosePrints verbose info to terminal/log
-q–quietMinimal terminal output until final results
-nc–no-colorDisables colored terminal output
-nl–no-lolcatDisables lolcat-printed banner (Linux only)
-ic <codes>–ignore-codesList of status codes to exclude from results.
-u <hostname>–hostHost to target for the scan
-w <wordlist>–wordlistPath to wordlist/dictionary file
-x <exts>–extComma-separated list of file extensions (Dirs only)
-p <port#>–portCustom port option for nonstandard webservers
-o [filename]–out-fileLog results to a file (accepts custom name/path)

Example Usage

./zenbuster.py -d -w /usr/share/wordlists/dirb/common.txt -u target.thm -v

python3 zenbuster.py -w ../subdomains.txt --host target.thm --ssl -O myResults.log

zenbuster -w subdomains.txt -u target.thm --quiet -ic 400, 403 (With .bashrc alias)

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago