Refactor: add subcommands (#21)
Refactor: add subcommands
phra committed Jun 21, 2019
2 parents da0e64e + 8e2d257 commit 82124fc
Showing 5 changed files with 767 additions and 460 deletions.
45 changes: 45 additions & 0 deletions .vscode/launch.json
@@ -0,0 +1,45 @@
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"type": "lldb",
"request": "launch",
"name": "Debug executable 'rustbuster'",
"cargo": {
"args": [
"build",
"--bin=rustbuster",
"--package=rustbuster"
],
"filter": {
"name": "rustbuster",
"kind": "bin"
}
},
"args": [],
"cwd": "${workspaceFolder}"
},
{
"type": "lldb",
"request": "launch",
"name": "Debug unit tests in executable 'rustbuster'",
"cargo": {
"args": [
"test",
"--no-run",
"--bin=rustbuster",
"--package=rustbuster"
],
"filter": {
"name": "rustbuster",
"kind": "bin"
}
},
"args": [],
"cwd": "${workspaceFolder}"
}
]
}
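Review bot: Both launch configurations leave `"args": []` empty, so the "Debug executable 'rustbuster'" target starts the binary with no subcommand, which per the README's `rustbuster [SUBCOMMAND]` usage selects none of the four modes this commit introduces. Setting the arguments to one of the README's localhost examples, for instance `"args": ["dir", "-u", "http://localhost:3000/", "-w", "examples/wordlist"]`, would make the debug target exercise a real code path. The file is also editor configuration unrelated to the subcommand refactor named in the commit title; it would be easier to review and revert as its own commit.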
182 changes: 148 additions & 34 deletions README.md
@@ -11,23 +11,50 @@ You can download prebuilt binaries from [here](https://github.com/phra/rustbuste
## Usage

```shell
rustbuster 2.1.0
DirBuster for rust

_ _ _ _ _ _ _ _ _ _
/\ \ /\_\ / /\ /\ \ / /\ /\_\ / /\ /\ \ /\ \ /\ \
/ \ \/ / / _ / / \ \_\ \ / / \ / / / _ / / \ \_\ \ / \ \ / \ \
/ /\ \ \ \ \__ /\_\/ / /\ \__ /\__ \ / / /\ \ \ \ \__ /\_\/ / /\ \__ /\__ \ / /\ \ \ / /\ \ \
/ / /\ \_\ \___\ / / / / /\ \___\/ /_ \ \ / / /\ \ \ \ \___\ / / / / /\ \___\/ /_ \ \ / / /\ \_\ / / /\ \_\
/ / /_/ / /\__ / / / /\ \ \ \/___/ / /\ \ \/ / /\ \_\ \ \__ / / / /\ \ \ \/___/ / /\ \ \/ /_/_ \/_/ / / /_/ / /
/ / /__\/ / / / / / / / \ \ \ / / / \/_/ / /\ \ \___\ / / / / / / \ \ \ / / / \/_/ /____/\ / / /__\/ /
/ / /_____/ / / / / / _ \ \ \ / / / / / / \ \ \__// / / / / _ \ \ \ / / / / /\____\/ / / /_____/
/ / /\ \ \ / / /___/ / /_/\__/ / / / / / / / /____\_\ \ / / /___/ / /_/\__/ / / / / / / / /______ / / /\ \ \
/ / / \ \ \/ / /____\/ /\ \/___/ / /_/ / / / /__________/ / /____\/ /\ \/___/ / /_/ / / / /_______/ / / \ \ \
\/_/ \_\/\/_________/ \_____\/ \_\/ \/_____________\/_________/ \_____\/ \_\/ \/__________\/_/ \_\/
USAGE:
rustbuster [SUBCOMMAND]

FLAGS:
-h, --help Prints help information
-V, --version Prints version information

SUBCOMMANDS:
dir Directories and files enumeration mode
dns A/AAAA entries enumeration mode
fuzz Custom fuzzing enumeration mode
help Prints this message or the help of the given subcommand(s)
vhost Virtual hosts enumeration mode

EXAMPLES:
1. Dir mode:
rustbuster dir -u http://localhost:3000/ -w examples/wordlist -e php
2. Dns mode:
rustbuster dns -u google.com -w examples/wordlist
3. Vhost mode:
rustbuster vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"
4. Fuzz mode:
rustbuster fuzz -u http://localhost:3000/login \
-X POST \
-H "Content-Type: application/json" \
-b '{"user":"FUZZ","password":"FUZZ","csrf":"CSRFCSRF"}' \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \
-s 200 \
--csrf-url "http://localhost:3000/csrf" \
--csrf-regex '\{"csrf":"(\w+)"\}'
```

~ rustbuster v. 2.0.2 ~ by phra & ps1dr3x ~
### `dir` usage

```shell
rustbuster-dir
Directories and files enumeration mode

USAGE:
rustbuster [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>...
rustbuster dir [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>...

FLAGS:
-f, --append-slash Tries to also append / to the base request
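Review bot: Item 2 of the EXAMPLES list, `rustbuster dns -u google.com -w examples/wordlist`, passes `-u`, but the `dns` usage documented further down this README requires `--domain <domain>` (`-d`) and lists no `-u` option, so the example does not match the documented interface. Change it to `-d` here and in the copy of the line under the `dns` usage heading. The other three examples point at localhost; a reserved documentation domain such as example.com would keep the DNS example from pointing readers at a third-party production domain.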
@@ -39,42 +66,129 @@ FLAGS:
-V, --version Prints version information
-v, --verbose Sets the level of verbosity

OPTIONS:
-e, --extensions <extensions> Sets the extensions [default: ]
-b, --http-body <http-body> Uses the specified HTTP method [default: ]
-H, --http-header <http-header>... Appends the specified HTTP header
-X, --http-method <http-method> Uses the specified HTTP method [default: GET]
-S, --ignore-status-codes <ignore-status-codes> Sets the list of status codes to ignore [default: 404]
-s, --include-status-codes <include-status-codes> Sets the list of status codes to include [default: ]
-o, --output <output> Saves the results in the specified file [default: ]
-t, --threads <threads> Sets the amount of concurrent requests [default: 10]
-u, --url <url> Sets the target URL
-a, --user-agent <user-agent> Uses the specified User-Agent [default: rustbuster]
-w, --wordlist <wordlist>... Sets the wordlist

EXAMPLE:
rustbuster dir -u http://localhost:3000/ -w examples/wordlist -e php
```

### `dns` usage

```shell
rustbuster-dns
A/AAAA entries enumeration mode

USAGE:
rustbuster dns [FLAGS] [OPTIONS] --domain <domain> --wordlist <wordlist>...

FLAGS:
-K, --exit-on-error Exits on connection errors
-h, --help Prints help information
--no-banner Skips initial banner
--no-progress-bar Disables the progress bar
-V, --version Prints version information
-v, --verbose Sets the level of verbosity

OPTIONS:
-d, --domain <domain> Uses the specified domain
-o, --output <output> Saves the results in the specified file [default: ]
-t, --threads <threads> Sets the amount of concurrent requests [default: 10]
-w, --wordlist <wordlist>... Sets the wordlist

EXAMPLE:
rustbuster dns -u google.com -w examples/wordlist
```

### `vhost` usage

```shell
rustbuster-vhost
Virtual hosts enumeration mode

USAGE:
rustbuster vhost [FLAGS] [OPTIONS] --domain <domain> --ignore-string <ignore-string>... --url <url> --wordlist <wordlist>...

FLAGS:
-K, --exit-on-error Exits on connection errors
-h, --help Prints help information
-k, --ignore-certificate Disables TLS certificate validation
--no-banner Skips initial banner
--no-progress-bar Disables the progress bar
-V, --version Prints version information
-v, --verbose Sets the level of verbosity

OPTIONS:
-d, --domain <domain> Uses the specified domain to bruteforce
-b, --http-body <http-body> Uses the specified HTTP body [default: ]
-H, --http-header <http-header>... Appends the specified HTTP header
-X, --http-method <http-method> Uses the specified HTTP method [default: GET]
-S, --ignore-status-codes <ignore-status-codes> Sets the list of status codes to ignore [default: 404]
-x, --ignore-string <ignore-string>... Ignores results with specified string in the HTTP body
-s, --include-status-codes <include-status-codes> Sets the list of status codes to include [default: ]
-o, --output <output> Saves the results in the specified file [default: ]
-t, --threads <threads> Sets the amount of concurrent requests [default: 10]
-u, --url <url> Sets the target URL
-a, --user-agent <user-agent> Uses the specified User-Agent [default: rustbuster]
-w, --wordlist <wordlist>... Sets the wordlist

EXAMPLE:
rustbuster vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"
```

### `fuzz` usage

```shell
rustbuster-fuzz
Custom fuzzing enumeration mode

USAGE:
rustbuster fuzz [FLAGS] [OPTIONS] --url <url> --wordlist <wordlist>...

FLAGS:
-K, --exit-on-error Exits on connection errors
-h, --help Prints help information
-k, --ignore-certificate Disables TLS certificate validation
--no-banner Skips initial banner
--no-progress-bar Disables the progress bar
-V, --version Prints version information
-v, --verbose Sets the level of verbosity

OPTIONS:
--csrf-header <csrf-header>... Adds the specified headers to CSRF GET request
--csrf-regex <csrf-regex> Grabs the CSRF token applying the specified RegEx
--csrf-url <csrf-url> Grabs the CSRF token via GET to csrf-url
-d, --domain <domain> Uses the specified domain
-e, --extensions <extensions> Sets the extensions [default: ]
-b, --http-body <http-body> Uses the specified HTTP method [default: ]
-H, --http-header <http-header>... Appends the specified HTTP header
-X, --http-method <http-method> Uses the specified HTTP method [default: GET]
-S, --ignore-status-codes <ignore-status-codes> Sets the list of status codes to ignore [default: 404]
-x, --ignore-string <ignore-string>... Ignores results with specified string in the HTTP Body
-s, --include-status-codes <include-status-codes> Sets the list of status codes to include [default: ]
-i, --include-string <include-string>... Includes results with specified string in the HTTP body
-m, --mode <mode> Sets the mode of operation (dir, dns, fuzz) [default: dir]
-o, --output <output> Saves the results in the specified file [default: ]
-t, --threads <threads> Sets the amount of concurrent requests [default: 10]
-u, --url <url> Sets the target URL
-a, --user-agent <user-agent> Uses the specified User-Agent [default: rustbuster]
-w, --wordlist <wordlist>... Sets the wordlist

EXAMPLES:
1. Dir mode:
rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
2. Dns mode:
rustbuster -m dns -u google.com -w examples/wordlist
3. Vhost mode:
rustbuster -m vhost -u http://localhost:3000/ -w examples/wordlist -d test.local -x "Hello"
4. Fuzz mode:
rustbuster -m fuzz -u http://localhost:3000/login \
-X POST \
-H "Content-Type: application/json" \
-b '{"user":"FUZZ","password":"FUZZ","csrf":"CSRFCSRF"}' \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \
-s 200 \
--csrf-url "http://localhost:3000/csrf" \
--csrf-regex '\{"csrf":"(\w+)"\}'

EXAMPLE:
rustbuster fuzz -u http://localhost:3000/login \
-X POST \
-H "Content-Type: application/json" \
-b '{"user":"FUZZ","password":"FUZZ","csrf":"CSRFCSRF"}' \
-w examples/wordlist \
-w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-10000.txt \
-s 200 \
--csrf-url "http://localhost:3000/csrf" \
--csrf-regex '\{"csrf":"(\w+)"\}'
```
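Review bot: In the `dir` OPTIONS, and again in the `fuzz` OPTIONS, the `-b, --http-body <http-body>` entry is described as "Uses the specified HTTP method", which duplicates the text of `-X, --http-method`; the `vhost` block has the intended wording, "Uses the specified HTTP body". If these blocks are pasted from the program's help output, the correction belongs in the argument definition as well as in the README, otherwise the next regeneration of this section brings the wrong description back.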