pathbuster 0.1.8

A path-normalization pentesting tool using path replacements.


Todos

  • Implement multiple host scanning using the replacement {hosts}.
  • Implement --drop-after-fail which will ignore requests with the same response code multiple times in a row.

Installation

Install Rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Install pathbuster

cargo install pathbuster

Usage

pathbuster -h

This command will show the tool's help information and present a list of all the switches that are available.

USAGE:
    pathbuster [OPTIONS] --url <url> --payloads <payloads> --paths <paths> --deviation <deviation>

OPTIONS:
    -c, --concurrency <concurrency>
            The amount of concurrent requests [default: 100]

        --deviation <deviation>
            The distance between the responses [default: 3]

    -h, --help
            Print help information

        --hosts <hosts>
            the file containing the list of root domains [default: .hosts.tmp]

        --match-status <match-status>
            [default: 200]

    -o, --out <out>
            The output file

        --paths <paths>
            the file containing the list of routes (crawl the host to collect routes) [default:
            .paths.tmp]

        --payloads <payloads>
            the file containing the traversal payloads [default: ]

    -r, --rate <rate>
            Maximum in-flight requests per second [default: 1000]

        --stop-at-first-match <stop-at-first-match>
            stops execution flow on the first match [default: false]

    -u, --url <url>
            the url you would like to test

    -V, --version
            Print version information

    -w, --workers <workers>
            The amount of workers [default: 1]

        --wordlist <wordlist>
            the file containing the technology paths [default: .wordlist.tmp]

Flags

Flag                     Description
--url                    URL you would like to test
--paths                  file containing the routes; placeholder is {paths}
--payloads               file containing the payloads; placeholder is {payloads}
--hosts                  file containing the root domains; placeholder is {hosts}
--wordlist               file containing the technology wordlist; placeholder is {words}
--match-status           status code used to match internal responses
--deviation              used to compare responses for deviations; compares ../internalpath to /internalpath
--stop-at-first-match    used to display the first valid finding
--rate                   used to set the maximum in-flight requests per second
--workers                number of workers to process the jobs
--concurrency            number of threads to be used for processing
--out                    save output to a file
--help                   prints help information
--version                prints version information
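
The server-side counterpart of the ../internalpath versus /internalpath comparison, as an added example (not pathbuster code): decode and resolve a request path before routing, then reject it if it no longer sits under the proxied route. The route /api/v1, the function names and the sample paths are assumptions made for illustration.

```rust
// Added example, not pathbuster code. Route and sample paths are constructed.

/// Decode %XX escapes once; malformed escapes are kept as literal bytes.
fn percent_decode(path: &str) -> String {
    let b = path.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(b.len()), 0);
    while i < b.len() {
        let hex = |k: usize| b.get(k).and_then(|c| (*c as char).to_digit(16));
        match (b[i], hex(i + 1), hex(i + 2)) {
            (b'%', Some(h), Some(l)) => { out.push((h * 16 + l) as u8); i += 3; }
            (c, _, _) => { out.push(c); i += 1; }
        }
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Resolve "." and ".." segments and collapse empty ones ("//").
/// Returns None when ".." climbs above the root (stricter than RFC 3986).
fn resolve(path: &str) -> Option<String> {
    let mut stack: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}
            ".." => { stack.pop()?; }
            s => stack.push(s),
        }
    }
    Some(format!("/{}", stack.join("/")))
}

/// True only if the decoded, resolved path is still inside `route`
/// (`route` is assumed to be normalized, with no trailing slash).
fn stays_within(route: &str, raw_path: &str) -> bool {
    match resolve(&percent_decode(raw_path)) {
        Some(p) => p == route || p.starts_with(&format!("{}/", route)),
        None => false,
    }
}

fn main() {
    // Constructed sample requests against the hypothetical route /api/v1.
    for p in ["/api/v1/users", "/api/v1/../internalpath", "/api/v1/%2e%2e/internalpath"] {
        println!("{:<30} within route: {}", p, stays_within("/api/v1", p));
    }
}
```

The check is only sound when the proxy applies the same number of decode passes as the backend it fronts.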

Examples

Fingerprinting the proxy

$ pathbuster -u "https://example.com/{paths}/{payloads}" --payloads traversals.txt --paths paths.txt --match-status 400 --deviation 2 -o output.txt

Discovery process for a single URL

$ pathbuster -u "https://example.com/{paths}/{payloads}/{words}" --payloads traversals.txt --paths paths.txt --wordlist raft-medium-directories.txt --match-status 200 --deviation 2 -o output.txt

Discovery process using host replacements

$ pathbuster -u "https://{hosts}/{paths}/{payloads}/{words}" --hosts roots.txt --payloads traversals.txt --paths paths.txt --wordlist raft-medium-directories.txt --match-status 200 --deviation 2 -o output.txt

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Support

For support, email blake@cyberlix.io or join our Discord group.

License

Pathbuster is distributed under the MIT License.