Skip to content
A threaded, recursive, web directory brute-force scanner over HTTP/2.
Branch: master
Clone or download
Latest commit f81079e Jun 14, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
test Added small testing wordlist dictionary. May 16, 2019
.gitignore Initial commit Apr 23, 2019 v0.3-1 Jun 14, 2019
LICENSE v0.3-1 Jun 14, 2019 v0.3e Jun 3, 2019 v0.3-1 Jun 14, 2019
requirements.txt Add package dependencies Apr 24, 2019

h2buster (v0.3e-1)

A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster.


  • Fast and portable - install hyper and run.
  • Multiconnection scanning.
  • Multithreaded connections.
  • Scalable: scans can be as docile or aggressive as you configure them to be.
  • h2 and h2c support.
  • Configurable directory recursion depth.
  • Multiplatform: works on both *nix and Windows.


You only need to install one dependency. If you don't have hyper, run:
pip3 install -r requirements.txt


usage: [-h] -w wordlist -u target [-c connections] [-t threads]
                   [-r directory_depth] [-hd header_list] [-x extension_list]

h2buster: an HTTP/2 web directory brute-force scanner.

  -h, --help          show this help message and exit
  -w wordlist         Directory wordlist
  -u target           Target URL/IP address (host[:port]). Default port is 443
                      and HTTPS enabled. To specify otherwise, use ':port' or
                      'http://' (port will default to 80 then).
  -c connections      Number of HTTP/2 connections. Default is 3.
  -t threads          Number of threads per connection. Default is 20.
  -r directory_depth  Maximum recursive directory depth. Minimum is 1, default
                      is 2, unlimited is 0.
  -hd header_list     List of headers in the format
                      'header->value[|header->value|header->value...]'. For
                      example: -hd 'user-agent->Mozilla/5.0|accept-
                      encoding->gzip, deflate, br'.
  -x extension_list   List of file extensions to check separated by a vertical
                      bar. For example, -x '.php|.js|blank|/' will check .php,
                      .js, blank and / for every wordlist entry. The 'blank'
                      keyword signifies no file extension. Default extensions
                      are '/', 'blank', '.html', '.php'
  -nc                 Disable colored output text.


Check the TODO file for a list of features that need work.

You can’t perform that action at this time.