🔍 DarkBuster

Advanced Web Directory & File Bruteforcer with Updated Wordlists (May 2026)

---

⚠️ Disclaimer

DarkBuster is intended for authorized security testing and educational purposes only. Always obtain explicit written permission before testing any system you do not own. Unauthorized use against systems you don't own is illegal and unethical. The author is not responsible for any misuse or damage caused by this tool.

---

🌟 Features

• ✅ Updated Wordlists — Curated and updated up to May 2026
• ✅ Multi-threaded — Fast scanning with configurable thread count
• ✅ Multiple Wordlists — Common, Admin panels, API endpoints, Backups, Technology-specific
• ✅ Extension Support — Append file extensions (.php, .html, .bak etc.)
• ✅ Color-coded Output — Easy to read results by status code
• ✅ Save Results — Export findings to file
• ✅ Custom Headers — User-agent, cookies support
• ✅ Progress Display — Real-time scan progress and ETA
• ✅ Safe & Stable — No crashes, handles all errors gracefully
• ✅ Easy to Use — Simple CLI interface for all skill levels

---

📦 Installation

Quick Install (Recommended)

# Clone the repository
git clone https://github.com/darkdisaster08/darkbuster.git
cd darkbuster

# Run installer
chmod +x install.sh
./install.sh

Manual Install

git clone https://github.com/darkdisaster08/darkbuster.git
cd darkbuster
pip3 install -r requirements.txt
python3 darkbuster.py --help

Kali Linux

git clone https://github.com/darkdisaster08/darkbuster.git
cd darkbuster
pip3 install requests
python3 darkbuster.py -u http://target.com

---

🚀 Usage

Basic Scan

python3 darkbuster.py -u http://target.com

Scan with Extensions

python3 darkbuster.py -u http://target.com -x .php,.html,.bak

Use Specific Wordlist

python3 darkbuster.py -u http://target.com -w admin-panels.txt

Fast Scan with More Threads

python3 darkbuster.py -u http://target.com -t 50

Save Results to File

python3 darkbuster.py -u http://target.com -o results.txt

HTTPS with Cookie

python3 darkbuster.py -u https://target.com --cookie "session=abc123"

Full Options

python3 darkbuster.py -u http://target.com -w common.txt -x .php,.html -t 30 -o output.txt

List All Available Wordlists

python3 darkbuster.py --list-wordlists

---

⚙️ Options

Flag	Description	Default
-u, --url	Target URL	Required
-w, --wordlist	Wordlist file	common.txt
-t, --threads	Thread count	20
-x, --extensions	Extensions to test	None
-o, --output	Save results to file	None
-s, --status	Status codes to show	200,301,302,307,401,403
--timeout	Request timeout (seconds)	5
--user-agent	Custom User-Agent	DarkBuster/1.0
--cookie	Cookie header	None
--list-wordlists	Show available wordlists	-

---

📚 Wordlists

All wordlists are updated to May 2026 and carefully curated for real-world pentesting.

Wordlist	Entries	Description
common.txt	300+	Most common web directories and files
common-large.txt	1000+	Extended discovery wordlist for deeper scans
admin-panels.txt	110+	Admin panel paths across major CMS platforms
api-endpoints.txt	120+	REST API, GraphQL, and common API endpoints
backup-files.txt	130+	Backup, archive, and sensitive file names
subdomains.txt	100+	Common subdomain names
technology/wordpress.txt	40+	WordPress specific paths
technology/php.txt	60+	PHP application files and endpoints
technology/django.txt	20+	Common Django framework paths
technology/drupal.txt	20+	Common Drupal CMS paths
technology/laravel.txt	20+	Laravel framework paths and files

What Makes These Wordlists Different?

• ✅ Cleaned and deduplicated
• ✅ Organized by category with comments
• ✅ Includes modern framework paths (Laravel, Next.js, etc.)
• ✅ Includes API and GraphQL endpoints
• ✅ Updated with paths discovered in recent bug bounties (2024-2026)
• ✅ Technology-specific lists for targeted scanning

---

🎯 Example Output

[200] http://target.com/admin (Size: 4521)
[301] http://target.com/backup → http://target.com/backup/ (Size: 0)
[403] http://target.com/.env (Size: 0)
[200] http://target.com/api/v1 (Size: 1203)
[401] http://target.com/admin/dashboard (Size: 512)

[*] Scan Complete!
[*] Time Elapsed  : 45.23 seconds
[*] Total Scanned : 1250
[*] Paths Found   : 5

---

🛡️ Status Code Reference

Code	Color	Meaning
200	🟢 Green	Found — accessible
301/302	🟡 Yellow	Redirect — worth checking
401	🔵 Cyan	Unauthorized — exists but needs auth
403	🔴 Red	Forbidden — exists but blocked

---

🔧 Tips for Best Results

1. Start with common.txt for a quick overview
2. Add extensions relevant to the target stack: -x .php,.html for PHP apps
3. Use admin-panels.txt specifically when looking for login pages
4. Use api-endpoints.txt for API testing
5. Increase threads (-t 50) on fast networks
6. Save results (-o file.txt) for documentation

---

📁 Repository Structure

darkbuster/
├── darkbuster.py           # Main tool
├── requirements.txt        # Dependencies
├── install.sh              # Quick installer
├── README.md               # Documentation
└── wordlists/
    ├── common.txt          # General purpose
    ├── common-large.txt    # Advance purpose
    ├── admin-panels.txt    # Admin paths
    ├── api-endpoints.txt   # API endpoints
    ├── backup-files.txt    # Backup files
    ├── subdomains.txt      # Subdomain names
    └── technology/
        ├── django.txt      # Django paths
        ├── drupal.txt      # Drupal paths
        ├── laravel.txt     # Laravel paths
        ├── wordpress.txt   # WordPress paths
        ├── php.txt         # PHP files
        └── wordpress.txt   # Wordpress files

---

🤝 Contributing

Contributions are welcome! Especially:

• New wordlist entries (with source/justification)
• Bug fixes
• Feature improvements
• New technology-specific wordlists

Please open an issue or pull request on GitHub.

---

📜 License

MIT License — see LICENSE file for details.

---

👤 Author

Manjeet Thakur (darkdisaster08)

• GitHub: github.com/darkdisaster08
• LinkedIn: linkedin.com/in/manjeet-thakur-sec

---

⭐ Support

If DarkBuster helped you, please consider giving it a star ⭐ on GitHub!

For authorized security testing only. Use responsibly.