pathbuster 0.5.6

A path-normalization pentesting tool.
use std::error::Error;

use pathbuster::detector::parse_raw_request_template;
use pathbuster::runner::{Options, PayloadSource, Runner};

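/// Example: parse an inline raw-request template, stage it in a temp file,
/// and run pathbuster over it with three inline path-traversal payloads.
///
/// # Errors
/// Returns an error if the template does not parse, the temp file cannot be
/// created or written, or `Runner::new` / `Runner::run` fail.
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    // `*` appears in the request path, the X-Forwarded-For header and the JSON
    // body; presumably each one marks an injection point (the count is printed
    // below) — confirm against the crate documentation.
    // `example.com` is the sample's placeholder host.
    let raw_request = concat!(
        "POST /api/* HTTP/1.1\n",
        "Host: example.com\n",
        "User-Agent: pathbuster\n",
        "X-Forwarded-For: *\n",
        "Content-Type: application/json\n",
        "\n",
        "{\"path\":\"*\"}\n"
    );

    let template = parse_raw_request_template(raw_request)
        .map_err(|e| format!("invalid raw request template: {e}"))?;
    println!("Injection points: {}", template.injection_points_len());

    let raw_request_path = std::env::temp_dir().join(format!(
        "pathbuster_example_raw_request_{}_advanced.txt",
        std::process::id()
    ));

    // The file name is predictable (temp dir + PID), so on a shared temp
    // directory another local user could pre-create it or plant a symlink.
    // `create_new` fails instead of writing through an existing entry, unlike
    // `std::fs::write`, which truncates whatever is already at the path.
    let mut open_options = std::fs::OpenOptions::new();
    open_options.write(true).create_new(true);
    #[cfg(unix)]
    {
        // Real request templates often carry cookies or Authorization headers,
        // so keep the staged copy readable by the owner only.
        use std::os::unix::fs::OpenOptionsExt;
        open_options.mode(0o600);
    }
    let mut staged = open_options.open(&raw_request_path)?;

    // Everything that can fail after the file exists runs inside this block so
    // the cleanup below executes on both the success and the error path.
    let outcome = async {
        std::io::Write::write_all(&mut staged, raw_request.as_bytes())?;
        // Close the handle before the runner is given the path.
        drop(staged);

        let runner = Runner::new(Options {
            urls: Vec::new(),
            raw_request: Some(raw_request_path.to_string_lossy().to_string()),
            payloads: PayloadSource::Inline(vec![
                "../".to_string(),
                "..%2f".to_string(),
                "%2e%2e%2f".to_string(),
            ]),
            skip_brute: true,
            rate: 10,
            concurrency: 10,
            timeout_seconds: 5,
            max_depth: 1,
            ..Options::default()
        })?;

        let result = runner.run().await?;
        Ok::<_, Box<dyn Error>>(result)
    }
    .await;

    // Best-effort cleanup: the original left the staged request behind in the
    // temp directory after every run.
    if let Err(e) = std::fs::remove_file(&raw_request_path) {
        eprintln!(
            "warning: could not remove {}: {e}",
            raw_request_path.display()
        );
    }

    let result = outcome?;
    println!("Targets: {}", result.fingerprints.len());
    println!("Matches: {}", result.matches.len());

    Ok(())
}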